SiYuan, Cross-site Scripting, CVE-2026-31807 (Medium)

Listen to this Post

CVE-2026-31807 details a reflected Cross-site Scripting (XSS) vulnerability in SiYuan, a personal knowledge management system, versions prior to 3.5.10. The vulnerability resides in the SVG sanitizer function SanitizeSVG. While the sanitizer correctly blocks dangerous static elements like `

Scroll to Top