Impact
SiYuan’s Bazaar package metadata appears in the application without HTML escaping. A malicious author can insert arbitrary HTML or JavaScript into the display name or description fields, which is rendered when any user visits the Bazaar page. Because the Electron configuration enables node integration and disables context isolation, the injected script runs with full Node.js privileges. This elevates the ordinary client‑side XSS to a full remote code execution that operates on the victim’s operating system without any further user interaction beyond opening the marketplace tab.
Affected Systems
The affected product is SiYuan, the personal knowledge‑management system from the vendor siyuan-note. Versions 3.6.0 and all prior releases are vulnerable; the issue was resolved in version 3.6.1, which sanitizes package metadata before rendering.
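To illustrate the rendering defect described under Impact and the metadata sanitization mentioned as the fix, here is an added JavaScript example (not SiYuan's code; the package record, the sample payload and all function names are constructed for this illustration): the unescaped rendering beside an escaped version, with a small check that flags markup the template did not produce.

```javascript
// Constructed Bazaar-style package record whose metadata is attacker-controlled.
// The payload is a generic marker, not an exploit for the real product.
const maliciousPackage = {
  name: "demo-theme",
  displayName: '<img src="x" onerror="alert(1)">Nice Theme',
  description: "A <b>theme</b> & more",
};

// Vulnerable rendering: metadata is concatenated straight into HTML.
// In an Electron renderer with nodeIntegration enabled and contextIsolation
// disabled, any script that runs here can reach Node.js APIs.
function renderCardUnsafe(pkg) {
  return `<div class="card"><h3>${pkg.displayName}</h3><p>${pkg.description}</p></div>`;
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: every untrusted field is escaped before insertion.
function renderCardSafe(pkg) {
  return `<div class="card"><h3>${escapeHtml(pkg.displayName)}</h3><p>${escapeHtml(pkg.description)}</p></div>`;
}

// Detection helper: true if the rendered markup contains any tag name that
// is not part of the fixed template (div, h3, p).
function containsInjectedTag(html, allowedTags = ["div", "h3", "p"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowedTags.includes(t));
}

// Defense in depth (assumed hardening, not the vendor's documented change):
// Electron BrowserWindow webPreferences that keep a renderer XSS from
// becoming Node.js code execution.
const hardenedWebPreferences = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// Usage: the unsafe card carries an injected <img>, the safe card does not.
containsInjectedTag(renderCardUnsafe(maliciousPackage)); // true
containsInjectedTag(renderCardSafe(maliciousPackage));   // false
```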
Risk and Exploitability
The base CVSS score of 5.3 and an EPSS below 1% indicate moderate severity with a currently low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, and no widespread active exploitation has been reported. An attacker would need to host a malicious Bazaar package or persuade a victim to install one, but once the package is viewed the attacker can execute arbitrary system commands, which is a significant threat to any device running an affected SiYuan installation.
OpenCVE Enrichment
Github GHSA