8 matches found
EUVD-2026-23331
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...
CVE-2026-40922
CVE-2026-40922 (SiYuan) : In SiYuan versions 3.6.1–3.6.3, an incomplete sanitization of bazaar README rendering allowed stored XSS via iframe srcdoc, escaping Lute HTML sanitizer and enabling embedded scripts to run in the Electron context with full app privileges. The issue stems from the saniti...
CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...
CVE-2026-40922
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...
GO-2026-4743 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering in github.com/siyuan-note/siyuan/kernel
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering in github.com/siyuan-note/siyuan/kernel...
GHSA-4663-4MPG-879V SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
PT-2026-26188
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...