
20 matches found

OSV
added 2026/05/20 7:07 p.m. · 3 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

CVSS 9.4 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 2
Cvelist
added 2026/05/14 6:23 p.m. · 25 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

CVSS 9.4 · EPSS 0.00033
Exploits 0 · References 1
Vulnrichment
added 2026/05/14 6:23 p.m. · 2 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 1
CNNVD
added 2026/05/14 12:00 a.m. · 5 views

SiYuan cross-site scripting vulnerability

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the tooltip handler not properly escaping the aria-label attribute, which could lead to cross-site...

CVSS 9.4 · AI score 5.9 · EPSS 0.00033
Exploits 0 · References 2
OSV
added 2026/05/08 7:08 p.m. · 1 view

GHSA-25RP-H46X-2HJM SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 3
Github Security Blog
added 2026/05/08 7:08 p.m. · 4 views

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2026/05/08 12:00 a.m. · 5 views

PT-2026-39285

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An issue exists in the tooltip mouseover handler where the software reads the aria-label attribute and processes it using decodeURIComponent before assigning the result to messageElement.innerHTML. Th...

CVSS 9.4 · AI score 6.3 · EPSS 0.00033
Exploits 0 · References 5
OSV
added 2025/06/14 10:15 a.m. · 0 views

CVE-2025-5337

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 4
Cvelist
added 2025/06/14 9:23 a.m. · 13 views

CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00157
Exploits 0 · References 4
OSV
added 2025/04/03 2:11 p.m. · 5 views

BIT-JOOMLA-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...

CVSS 6.1 · AI score 5.9 · EPSS 0.01599
Exploits 0 · References 2
CNVD
added 2021/01/13 12:00 a.m. · 1 view

Joomla! cross-site scripting vulnerability (CNVD-2021-02804)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 3.9.0 - 3.9.23. The...

CVSS 6.1 · AI score 6.2 · EPSS 0.01599
Exploits 0 · References 1
NVD
added 2021/01/12 9:15 p.m. · 8 views

CVE-2021-23124

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...

CVSS 6.1 · AI score 6 · EPSS 0.01599
Exploits 0 · References 1
Prion
added 2021/01/12 9:15 p.m. · 9 views

Cross site scripting

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...

CVSS 4.3 · AI score 6 · EPSS 0.01599
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/01/12 8:19 p.m. · 129 views

CVE-2021-23124

CVE-2021-23124 affects Joomla! 3.9.0–3.9.23, due to lack of escaping in the mod_breadcrumbs aria-label attribute, which allows cross-site scripting (XSS). The issue is documented across multiple feeds (NVD, OSV, CNVD, osv.dev) with consolidated descriptions. Exploitation would involve crafting in...

CVSS 6.1 · AI score 5.9 · EPSS 0.01599
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/01/12 8:19 p.m. · 12 views

CVE-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...

AI score 6.1 · EPSS 0.01599
Exploits 0 · References 1
Positive Technologies
added 2021/01/12 12:00 a.m. · 1 view

PT-2021-15379 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.0 through 3.9.23 Description: The issue is related to a lack of escaping in the aria-label attribute of the mod_breadcrumbs module, which allows XSS attacks. Recommendations: For Joomla! versions 3.9.0 through 3.9.23,...

CVSS 6.1 · AI score 6.3 · EPSS 0.01599
Exploits 0 · References 7
CNNVD
added 2021/01/12 12:00 a.m. · 1 view

Open Source Matters Joomla cross-site scripting vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! 3.9.0 - 3.9.23. The...

CVSS 6.1 · AI score 6.2 · EPSS 0.01599
Exploits 0 · References 4
Joomla! Vulnerable Extensions List
added 2020/09/01 12:00 a.m. · 41 views

[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

Lack of escaping in the mod_breadcrumbs aria-label attribute allows XSS attacks...

CVSS 6.1 · AI score 3.3 · EPSS 0.01599
Exploits 0 · Affected Software 1
OSV
added 2016/12/15 6:59 a.m. · 0 views

CVE-2016-3173

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file e.g. an image which gets displayed at the portal application. Using script code at the file name leads t...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
NVD
added 2016/12/15 6:59 a.m. · 13 views

CVE-2016-3173

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file e.g. an image which gets displayed at the portal application. Using script code at the file name leads t...

CVSS 5.4 · AI score 5.8 · EPSS 0.00239
Exploits 1 · References 2