
3428 matches found

CNNVD
added 2026/01/19 12:0 a.m., 4 views

SiYuan cross-site scripting vulnerabilities

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from the /api/icon/getDynamicIcon endpoint’s improper handling of unsanitized SVG input, which...

CVSS 6.1, AI score 5.7, EPSS 0.00263
Exploits: 1, References: 4

OSV
added 2026/01/16 7:16 p.m., 2 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access...

CVSS 5.1, AI score 5.9, EPSS 0.00311
Exploits: 0, References: 4

NVD
added 2026/01/16 7:16 p.m., 3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1, EPSS 0.00311
Exploits: 0, References: 4

Vulnrichment
added 2026/01/16 7:9 p.m., 4 views

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

CVSS 6.1, AI score 6.9, EPSS 0.00378
Exploits: 0, References: 4

Cvelist
added 2026/01/16 7:9 p.m., 19 views

CVE-2021-47841 SnipCommand 0.1.0 - Persistent Cross-Site Scripting

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

CVSS 6.1, EPSS 0.00378
Exploits: 0, References: 4

CVE
added 2026/01/16 7:9 p.m., 11 views

CVE-2021-47841

CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...

CVSS 6.1, AI score 6.9, EPSS 0.00378
Exploits: 0, References: 4

CVE
added 2026/01/16 7:9 p.m., 12 views

CVE-2021-47836

Markdown Explorer 0.1.1 is affected by a persistent cross-site scripting (XSS) vulnerability that allows attackers to upload Markdown files with embedded JavaScript to execute remote commands and potentially gain system access. Root cause is XSS via file uploads/editor inputs. Public exploits are...

CVSS 6.1, AI score 5.8, EPSS 0.00311
Exploits: 0, References: 4

Cvelist
added 2026/01/16 7:9 p.m., 20 views

CVE-2021-47836 Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1, EPSS 0.00311
Exploits: 0, References: 4

Vulnrichment
added 2026/01/16 7:9 p.m., 2 views

CVE-2021-47836 Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1, AI score 6.1, EPSS 0.00311
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/16 7:9 p.m., 2 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1, AI score 6.1, EPSS 0.00311
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/01/16 12:0 a.m., 2 views

PT-2026-3296

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

CVSS 6.1, AI score 7.2, EPSS 0.00378
Exploits: 0, References: 5

Positive Technologies
added 2026/01/16 12:0 a.m., 2 views

PT-2026-3291

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access...

CVSS 6.1, AI score 7, EPSS 0.00311
Exploits: 0, References: 5

CNNVD
added 2026/01/16 12:0 a.m., 3 views

Google Chrome: Input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs during the download process...

CVSS 5.4, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 3

CNNVD
added 2026/01/16 12:0 a.m., 3 views

Markdown Explorer security vulnerabilities

Markdown Explorer is a Markdown document browser developed by jersou. Version 0.1.1 of Markdown Explorer contains a security vulnerability; this vulnerability stems from cross-site scripting in file uploads and editor inputs, which may lead to remote code execution...

CVSS 6.1, AI score 6, EPSS 0.00311
Exploits: 0, References: 4

NVD
added 2026/01/15 4:16 p.m., 4 views

CVE-2021-47771

RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...

CVSS 6.8, EPSS 0.00224
Exploits: 1, References: 3

ATTACKERKB
added 2026/01/15 3:52 p.m., 2 views

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

CVSS 5.1, AI score 5.2, EPSS 0.00252
Exploits: 1, References: 3, Affected Software: 1

CNNVD
added 2026/01/15 12:0 a.m., 6 views

GLPI SQL injection vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 9.8, AI score 5.9, EPSS 0.00436
Exploits: 1, References: 1

Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3045

Name of the Vulnerable Software and Affected Versions: Isshue Shopping Cart version 3.5. Description: The software contains a persistent cross-site scripting issue in title input fields within the stock, customer, and invoice modules. An attacker with elevated privileges can inject malicious scripts...

CVSS 7.2, AI score 5, EPSS 0.00252
Exploits: 1, References: 6

CNNVD
added 2026/01/15 12:0 a.m., 4 views

Tagstoo Cross-Site Scripting Vulnerability

Tagstoo is a tag-based file manager developed by Pablo Andueza. Version 2.0.1 of Tagstoo contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of file or custom tag inputs, which may lead to stored cross-site scripting attacks...

CVSS 5.4, AI score 5.6, EPSS 0.00366
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/15 12:0 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003104 advisory. The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AFALG-base...

CVSS 7.8, AI score 6.4, EPSS 0.00425
Exploits: 0, References: 27