CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

Github Security Blog•added 2026/03/10 11:57 p.m.•4 views

SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...

6.4CVSS5.8AI score0.00502EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by