3 matches found
GO-2026-5201 SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) in github.com/siyuan-note/siyuan/kernel
SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG getDynamicIcon, unauthenticated in github.com/siyuan-note/siyuan/kernel...
CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated )
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...
CVE-2026-34605
SiYuan 3.6.0–3.6.1 suffer a bypass of the SanitizeSVG XSS fix on the unauthenticated /api/icon/getDynamicIcon endpoint. The Go HTML5 parser records namespace-prefixed SVG tags as x:script, allowing the tag to bypass the numeric sprite check; when served as image/svg+xml without a CSP, the browser...