CVE-2025-55291
📋 TL;DR
CVE-2025-55291 is a reflected Cross-Site Scripting (XSS) vulnerability in Shaarli bookmark manager where improper input sanitization on the cloud tag page allows attackers to inject malicious scripts by prematurely closing the </title> tag. This affects all Shaarli instances running versions prior to 0.15.0. Attackers can execute arbitrary JavaScript in victims' browsers when they visit a specially crafted URL.
💻 Affected Systems
- Shaarli
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.
Likely Case
Session hijacking, credential theft, or defacement of the Shaarli interface for users who click malicious links.
If Mitigated
Limited impact if users have strong browser security settings, CSP headers are implemented, or the instance is not internet-facing.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly exploited and require minimal technical skill. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.15.0
Vendor Advisory: https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h
Restart Required: Yes
Instructions:
1. Backup your Shaarli data and configuration.
2. Download Shaarli 0.15.0 or later from the official repository.
3. Replace the existing installation files with the new version.
4. Restart your web server or PHP-FPM service.
🔧 Temporary Workarounds
Implement Content Security Policy (CSP)
Add CSP headers to restrict script execution sources and mitigate XSS impact.
Add to web server config or .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
For Nginx: add_header Content-Security-Policy "default-src 'self'; script-src 'self';";
Web Application Firewall (WAF) Rules
Configure WAF to block requests containing XSS payloads targeting the cloud tag page.
ModSecurity rule: SecRule ARGS "<\/title>" "id:1001,phase:2,deny,status:403,msg:'XSS attempt detected'"
Cloudflare WAF: Enable XSS protection rules
🧯 If You Can't Patch
- Restrict access to Shaarli to trusted internal networks only using firewall rules.
- Implement strong input validation and output encoding in custom code if modifications are possible.
🔍 How to Verify
Check if Vulnerable:
Check if Shaarli version is below 0.15.0 by viewing the footer or admin panel, or examine the source code for the vulnerable input handling in the cloud tag page.
Check Version:
Check Shaarli web interface footer or run: grep -r "SHAARLI_VERSION" /path/to/shaarli/ | head -1
Verify Fix Applied:
Confirm installation of Shaarli 0.15.0 or later, and test that input containing </title> tags is properly sanitized and does not execute scripts.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /?do=tagcloud containing suspicious strings like </title> or script tags
- Unusual user agent strings or referrers in access logs
Network Indicators:
- Outbound connections to unknown domains following visits to Shaarli tag cloud pages
- Unexpected POST requests from Shaarli users to external sites
SIEM Query:
source="web_access_logs" url="*do=tagcloud*" AND (url="*</title>*" OR url="*<script>*")
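A small log-scanning example, added here and not part of the original advisory or of Shaarli itself, that applies the log indicators above to access-log lines: it picks out requests to the tag cloud page (do=tagcloud) and flags those whose percent-decoded query carries a </title> or <script marker, decoding repeatedly so double-encoded variants are also caught. The log lines and the searchtags parameter name are constructed for the example, not taken from real traffic or from Shaarli's code.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined format); not real traffic.
# The "searchtags" parameter name is an assumption used only for the sample data.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2025:12:00:01 +0000] "GET /?do=tagcloud HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2025:12:00:02 +0000] "GET /?do=tagcloud&searchtags=%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4400 "-" "curl/8.0"
203.0.113.9 - - [10/Sep/2025:12:00:03 +0000] "GET /?do=tagcloud&searchtags=%253C%252Ftitle%253E HTTP/1.1" 200 4400 "-" "curl/8.0"
198.51.100.2 - - [10/Sep/2025:12:00:04 +0000] "GET /?searchtags=%3Cscript%3E HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# The two indicators named in the advisory: a closing title tag or an opening script tag.
MARKERS = re.compile(r"</title\s*>|<script", re.IGNORECASE)


def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) become visible."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_tagcloud_request(url):
    """True when the query string selects the tag cloud page (do=tagcloud)."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return params.get("do") == "tagcloud"


def suspicious_requests(log_text):
    """Return (ip, timestamp, decoded_url) for tag cloud requests carrying an XSS marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_tagcloud_request(m.group("url")):
            continue  # unparseable line, or a request to some other page
        decoded = fully_decode(m.group("url"))
        if MARKERS.search(decoded):
            hits.append((m.group("ip"), m.group("ts"), decoded))
    return hits


if __name__ == "__main__":
    for ip, ts, url in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {url}")
```

The last sample line carries a script tag but is not a tag cloud request, so it is deliberately left out; widen the filter if you want every marker hit regardless of page.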