2 matches found
CVE-2026-54070
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitizetrue. The lute sanitizer is an event-handler blocklist: allowAttr rejects only...
PT-2026-52108
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description A flaw exists where a CSS snippet body containing can break out of its surrounding tag during interpolation by the renderSnippet function via insertAdjacentHTML. This allows the execution of arbitrary...