CVE-2026-29183 | SiYuan up to 3.5.8 API Endpoint /api/icon/getDynamicIcon cross site scripting

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in SiYuan up to 3.5.8. Affected by this issue is some unknown functionality of the file /api/icon/getDynamicIcon of the component API Endpoint. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-29183. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-29183 | SiYuan up to 3.5.8 API Endpoint /api/icon/getDynamicIcon cross site scripting

Post correlati

CVE-2025-66432 | Oxide Omicron up to 17.0 API Token unprotected alternate channel

CVE-2025-27825 | Bootstrap 5 Lite Theme prior 1.x-1.0.3 on Backdrop cross site scripting (trib-2025-004)

CVE-2023-37293 | AMI MegaRAC_SPx prior 12.7/13.6 BMC and/or stack-based overflow

CVE-2024-43311 | Geek Code Lab Login As Users Plugin up to 1.4.2 on WordPress privileges management