CVE-2026-23645 | siyuan-note siyuan up to 3.5.4-dev1 SVG File cross site scripting

Inserito da Angelo Barbosa | Gen 16, 2026 | CVE

A vulnerability was found in siyuan-note siyuan up to 3.5.4-dev1. It has been declared as problematic. This affects an unknown part of the component SVG File Handler. Executing a manipulation can lead to cross site scripting.

This vulnerability is tracked as CVE-2026-23645. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-23645 | siyuan-note siyuan up to 3.5.4-dev1 SVG File cross site scripting

Post correlati

CVE-2025-0818 | File Manager Plugin on WordPress path traversal

CVE-2024-43948 | Dinesh Karki WP Armour Extended Plugin up to 1.26 on WordPress cross site scripting

CVE-2024-38871 | Zoho ManageEngine Exchange Reporter Plus up to 5717 sql injection

CVE-2024-43027 | Draytek Vigor 3900/Vigor 2960/Vigor 300B prior 1.5.1.5_Beta cgi-bin/mainfunction.cgi action command injection