Description
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0.
Published: 2026-06-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw in SiYuan’s Bazaar package system. Before version 3.7.0, the kernel’s readme rendering uses the lute engine with a sanitizer that only blocks legacy event attributes; modern handler attributes such as onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not filtered and therefore pass through unchanged. The resulting HTML is injected directly into the main document without any additional client‑side sanitization or security headers. When an administrator opens or interacts with a malicious package in the marketplace, the embedded script runs in the context of the administrator’s authenticated session, giving the attacker full control of the workspace to execute arbitrary code, exfiltrate data, or manipulate the environment.

Affected Systems

The issue affects the SiYuan Note application (siyuan-note:siyuan) running any version earlier than 3.7.0. The fix was introduced in 3.7.0 and newer releases are not impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high‑risk scenario, though there is no EPSS score available to determine current exploitation probability and the vulnerability is not listed in CISA KEV. Exploitation does not require installation of the malicious Bazaar package; a privileged administrator simply needs to open the package listing and interact with it, at which point the malicious README containing modern event handler attributes such as onpointerover or onfocusin is rendered and injected into the main document. Because the rendered README is inserted directly into the main document, the attack is achievable without a separate iframe or sandbox, and does not rely on external content. The likely attack path is a third‑party package author submitting malware to the Bazaar marketplace, which a trusted administrator opens and interacts with, triggering the embedded script and allowing the attacker full control of the workspace.

Generated by OpenCVE AI on June 25, 2026 at 00:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SiYuan to version 3.7.0 or later to remove the unsafe rendering path.
  • If an immediate upgrade is not possible, block or restrict access to the Bazaar marketplace or avoid installing third‑party packages from untrusted authors.
  • As a temporary measure, apply a Content‑Security‑Policy header that forbids inline scripts or render the README within an iframe that has sandbox attributes; alternatively run a client‑side sanitizer like DOMPurify before inserting the HTML.

Generated by OpenCVE AI on June 25, 2026 at 00:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-w7cg-whh7-xp28 SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
History

Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Siyuan
Siyuan siyuan
Vendors & Products Siyuan
Siyuan siyuan

Wed, 24 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0.
Title SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
Weaknesses CWE-184
CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T18:43:38.331Z

Reserved: 2026-06-11T18:24:35.097Z

Link: CVE-2026-54070

cve-icon Vulnrichment

Updated: 2026-06-26T18:14:38.423Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T13:15:03Z

Weaknesses
  • CWE-184

    Incomplete List of Disallowed Inputs

  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')