Lucene search
+L

5 matches found

OSV
OSV
added 2026/05/20 7:7 p.m.13 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:23 p.m.47 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS0.00509EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:23 p.m.3 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS6.2AI score0.00509EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-5545

Malware in sbrugna...

7.3CVSS6.1AI score0.01014EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/03/09 4:0 p.m.19 views

CVE-2018-7996

Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter...

6AI score0.00664EPSS
Exploits1References1
Rows per page
Query Builder