CVE-2026-34605 | SiYuan up to 3.6.1 /api/icon/getDynamicIcon SanitizeSVG cross site scripting (ID 17246)

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability was found in SiYuan up to 3.6.1. It has been classified as problematic. This impacts the function SanitizeSVG of the file /api/icon/getDynamicIcon. This manipulation causes cross site scripting.

This vulnerability appears as CVE-2026-34605. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-34605 | SiYuan up to 3.6.1 /api/icon/getDynamicIcon SanitizeSVG cross site scripting (ID 17246)

Post correlati

CVE-2025-52782 | King Rayhan Scroll UP Plugin up to 2.0 on WordPress cross site scripting

CVE-2024-9769 | Video Gallery Plugin up to 2.4.1 on WordPress cross site scripting

CVE-2024-1118 | Podlove Subscribe Button Plugin up to 1.3.10 on WordPress sql injection

CVE-2023-52111 | Huawei HarmonyOS/EMUI BootLoader Module improper authentication