Lucene search
+L

5 matches found

CNNVD
CNNVD
added 2026/03/31 12:0 a.m.12 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan from 3.6.0 to 3.6.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the SanitizeSVG function being bypassed, allowing cross-site scripting attacks to occur...

8.6CVSS5.6AI score0.00469EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 3:33 a.m.3 views

CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS5.7AI score0.00302EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.7 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS6AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.5 views

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to check the existence of a username in the system via an API...

6.9CVSS6.6AI score0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/18 12:0 a.m.4 views

PT-2024-30473 · WordPress · Wp-Lister Lite For Ebay

Name of the Vulnerable Software and Affected Versions: WP-Lister Lite for eBay versions 3.6.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

7.1CVSS6.4AI score0.00273EPSS
Exploits0References8
Rows per page
Query Builder