Lucene search
K

13 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39126

SiYuan: Stored XSS in Bazaar marketplace via package README event handlers...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 9:18 p.m.15 views

CVE-2026-54070

CVE-2026-54070 — SiYuan : A Stored XSS in the Bazaar marketplace path arises before v3.7.0. renderPackageREADME converts Markdown READMEs to HTML using lute with SetSanitize(true), but the event-handler blocklist misses several modern handlers, allowing attributes like onpointerover, onpointerdow...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52110

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The renderPackageREADME function in kernel/bazaar/readme.go renders Bazaar package READMEs from Markdown to HTML using the lute engine. The sanitizer uses a blocklist that omits modern event handlers,...

7.1CVSS6.2AI score0.0018EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/14 11:12 p.m.9 views

SiYuan has incomplete fix for CVE-2026-33066: XSS

Summary The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...

9CVSS7AI score0.00584EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2026/04/14 11:12 p.m.5 views

GHSA-8Q5W-MMXF-48JG SiYuan has incomplete fix for CVE-2026-33066: XSS

Summary The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...

5.4CVSS7AI score0.00584EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/03/20 8:11 a.m.26 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS0.00584EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:11 a.m.3 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS6.5AI score0.00584EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 8:11 a.m.26 views

CVE-2026-33066

SiYuan CVE-2026-33066 affects versions 3.6.0 and earlier, where renderREADME can pass unsanitized HTML from Markdown to innerHTML, enabling stored XSS that escalates to RCE in Electron (nodeIntegration: true, contextIsolation: false). The incomplete fix in 3.6.1–3.6.3 allowed iframe-based XSS via...

9CVSS6AI score0.00584EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.10 views

SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...

9CVSS6.2AI score0.00584EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/18 4:9 p.m.4 views

GHSA-4663-4MPG-879V SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...

5.3CVSS6.2AI score0.00584EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26188

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier SiYuan versions 3.5.9 and earlier Description SiYuan is a personal knowledge management system. The backend 'renderREADME' function uses 'lute.New' without calling 'SetSanitizetrue', allowing raw HTML embedded...

9CVSS6.7AI score0.00584EPSS
Exploits1References156
NVD
NVD
added 2026/01/18 11:15 p.m.7 views

CVE-2026-23525

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

8.4CVSS0.00306EPSS
Exploits0References1
OSV
OSV
added 2023/04/20 10:15 a.m.4 views

CVE-2023-1767

The Snyk Advisor website https://snyk.io/advisor/ was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README fi...

5.4CVSS6.1AI score0.00513EPSS
Exploits2References2
Rows per page
Query Builder