3 matches found
GO-2026-4667 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...
CVE-2026-31809
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...
CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...