SiYuan, XSS via Namespace Prefix Bypass, N/A (Medium)

Listen to this Post

How the mentioned CVE works

The unauthenticated `/api/icon/getDynamicIcon` endpoint inserts user‑controlled `content` directly into an SVG `` element using `fmt.Sprintf` without encoding. A sanitization function `SanitizeSVG` (added in v3.6.0) attempts to block malicious tags by checking lowercased tag names against a hardcoded blocklist. The underlying Go HTML parser (github.com/88250/lute/html) stores the full qualified name of elements, including any XML namespace prefix. An attacker supplies a payload like <x:script xmlns:x="http://www.w3.org/2000/svg">alert(1)</x:script>. The parser records Node.Data = "x:script", which does not match the blocklist condition tag == "script", so the element survives. The SVG is served with `Content-Type: image/svg+xml` and no CSP. When the victim opens the URL, the browser resolves the `x:` prefix to the SVG namespace and executes the script. Because the endpoint is unauthenticated and `Access-Control-Allow-Origin: ` is set, the attacker can craft a link that, once clicked, runs same‑origin JavaScript, allowing full control over the victim’s notes, settings, and API calls.

dailycve form

Platform: SiYuan
Version: v3.6.0
Vulnerability: XSS via namespace
Severity: Medium
date: 2026-04-01

Prediction: Fixed in v3.6.1

What Undercode Say:

Analytics

Verify the parser behavior
echo '<x:script xmlns:x="http://www.w3.org/2000/svg">alert(1)</x:script>' | go run main.go
Test vulnerable endpoint
curl -i "http://127.0.0.1:6806/api/icon/getDynamicIcon?type=8&color=red&content=%3C%2Ftext%3E%3Cx%3Ascript%20xmlns%3Ax%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3Ealert%28document.domain%29%3C%2Fx%3Ascript%3E%3Ctext%3E"

Exploit:

`GET /api/icon/getDynamicIcon?type=8&color=red&content=%3C%2Ftext%3E%3Cx%3Ascript%20xmlns%3Ax%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3Ealert%28document.domain%29%3C%2Fx%3Ascript%3E%3Ctext%3E`

Protection from this CVE

Upgrade to SiYuan ≥ v3.6.1 where the sanitizer strips namespace prefixes before blocklist comparison. Alternatively, apply a WAF rule to block `xmlns:` patterns in the `content` parameter and enforce a strict CSP for SVG endpoints.

Impact:

Remote unauthenticated XSS leading to same‑origin script execution. An attacker on the same network can steal session cookies, read all notes, export data, modify settings, and perform any authenticated action without user interaction beyond clicking a malicious link.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top