2 matches found
CVE-2026-59833
SiYuan (open-source PIM) prior to 3.7.1 uses Lute with sanitization, but the per-attribute URL-scheme sanitizer fails to check form action and SVG xlink:href attributes. This allows stored XSS in document export-preview and Bazaar package README rendering paths, with potential to execute OS comma...
PT-2019-15702 · Safe-Svg · Safe-Svg
Name of the Vulnerable Software and Affected Versions: safe-svg plugin versions through 1.9.4 Description: A Denial Of Service issue exists, related to unlimited recursion for a '' substring. Recommendations: For versions through 1.9.4, update to a version later than 1.9.4 to resolve the issue...