From: James Valleroy <jvalleroy@mailbox.org>
Date: Fri, 22 Aug 2025 16:22:13 -0400
Subject: fix reflected XSS via searchtags parameter
Applied from upstream commit:
https://github.com/shaarli/Shaarli/commit/e77c04a76601cdcd62e74c396a931d750e007c45
Fix for CVE-2025-55291:
https://security-tracker.debian.org/tracker/CVE-2025-55291
---
application/front/controller/visitor/TagCloudController.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/front/controller/visitor/TagCloudController.php b/application/front/controller/visitor/TagCloudController.php
index 46d6277..2012740 100644
--- a/application/front/controller/visitor/TagCloudController.php
+++ b/application/front/controller/visitor/TagCloudController.php
@@ -87,7 +87,7 @@ class TagCloudController extends ShaarliVisitorController
$searchTags = !empty($searchTags) ? trim(str_replace($tagsSeparator, ' ', $searchTags)) . ' - ' : '';
$this->assignView(
'pagetitle',
- $searchTags . t('Tag ' . $type) . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
+ escape($searchTags) . t('Tag ' . $type) . ' - ' . $this->container->conf->get('general.title', 'Shaarli')
);
return $response->write($this->render('tag.' . $type));
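Review bot: escape() now covers only the `$searchTags` part of the concatenated title on the added line, while `t('Tag ' . $type)` and the `general.title` config value are still appended unescaped; since the fix implies the template emits pagetitle as raw HTML, escaping the assembled string would be more consistent, e.g. `escape($searchTags . t('Tag ' . $type) . ' - ' . $this->container->conf->get('general.title', 'Shaarli'))`, unless other controllers rely on pagetitle being escaped in the template. `$type` presumably comes from the route and general.title from admin configuration, so their exposure is lower, but that is not visible in the hunk. A regression test that passes a searchtags value containing markup and asserts the rendered title is escaped would pin this fix. The enclosing method starts before the hunk.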