Lucene search
+L

5 matches found

nvd
nvd
added last week7 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
cvelist
cvelist
added last week31 views

CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
cve
cve
added last week10 views

CVE-2026-59833

SiYuan (open-source PIM) prior to 3.7.1 uses Lute with sanitization, but the per-attribute URL-scheme sanitizer fails to check form action and SVG xlink:href attributes. This allows stored XSS in document export-preview and Bazaar package README rendering paths, with potential to execute OS comma...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References3
osv
osv
added last week2 views

CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS6.1AI score0.00388EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2019/11/11 12:0 a.m.7 views

PT-2019-15702 · Safe-Svg · Safe-Svg

Name of the Vulnerable Software and Affected Versions: safe-svg plugin versions through 1.9.4 Description: A Denial Of Service issue exists, related to unlimited recursion for a '' substring. Recommendations: For versions through 1.9.4, update to a version later than 1.9.4 to resolve the issue...

7.5CVSS7.4AI score0.02605EPSS
Exploits0References6
Rows per page
Query Builder