SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of HTML escaping in the package metadata fields, which could lead to cross-site...

Cross-site scripting (XSS) vulnerability in Description metadata

Summary Regardless of the role or privileges, no user should be able to inject malicious JavaScript JS scripts into the body HTML. an XSS Cross-Site Scripting vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS...