GHSA-MVPM-V6Q4-M2PF SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Stored XSS to RCE via Unsanitized Bazaar Package Metadata Summary SiYuan's Bazaar community marketplace renders package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which...