It seems that someone requested a CVE for the batch of XSS I found in Shaarli 6 month ago. Since the software is not really maintained, nor widely used, a CVE for this seems weird. Anyway CVE-2013-7351 was assigned, time to party in honour of my first CVE \o/
Bonus: json_encode has never been an XSS mitigation ;)