Description
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0.
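The root cause the description names is CWE-184: the sanitizer decides per attribute name using a fixed blocklist, so any handler name the list was never told about is accepted. The Go program below is an added illustration, not code from SiYuan or the lute engine; the `legacyEventAttrs` map and `readmeSafeAttrs` set are constructed samples, and `allowAttrBlocklist`, `allowAttrHardened`, `allowAttrAllowlist`, `filterAttrs` and `leakedHandlers` are hypothetical names chosen for this example. It runs the same constructed attribute list through the weak blocklist shape, a prefix check that drops the whole `on*` family, and a strict allowlist, and reports which of the seven handler names from the advisory each policy would still let through to `innerHTML`.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample of a legacy event-handler blocklist, in the spirit of the
// fixed eventAttrs map the advisory describes. This is NOT the real lute map;
// it only shows why a fixed list of handler names cannot keep up with the platform.
var legacyEventAttrs = map[string]bool{
	"onclick":     true,
	"ondblclick":  true,
	"onload":      true,
	"onerror":     true,
	"onmouseover": true,
	"onfocus":     true,
	"onkeydown":   true,
}

// The modern handler names the advisory says the blocklist omits.
var modernHandlers = []string{
	"onpointerover", "onpointerdown", "onauxclick", "onbeforetoggle",
	"onfocusin", "onanimationstart", "ontransitionend",
}

// allowAttrBlocklist mirrors the weak pattern: reject a name only if it is in
// the fixed map, accept everything else.
func allowAttrBlocklist(name string) bool {
	return !legacyEventAttrs[strings.ToLower(name)]
}

// allowAttrHardened rejects the whole event-handler family by prefix. HTML
// attribute names are case-insensitive, so the name is normalised first.
func allowAttrHardened(name string) bool {
	n := strings.ToLower(strings.TrimSpace(name))
	return !strings.HasPrefix(n, "on")
}

// readmeSafeAttrs is a constructed allowlist of attributes a README plausibly
// needs; anything else, unknown handlers included, is dropped.
var readmeSafeAttrs = map[string]bool{
	"href": true, "src": true, "alt": true, "title": true,
	"class": true, "id": true, "width": true, "height": true,
}

// allowAttrAllowlist is the stricter shape: accept only known-safe names.
func allowAttrAllowlist(name string) bool {
	return readmeSafeAttrs[strings.ToLower(strings.TrimSpace(name))]
}

// filterAttrs keeps the attribute names the given policy accepts.
func filterAttrs(attrs []string, allow func(string) bool) []string {
	kept := []string{}
	for _, a := range attrs {
		if allow(a) {
			kept = append(kept, a)
		}
	}
	return kept
}

// leakedHandlers returns which of the advisory's modern handler names a policy
// would pass through verbatim to the rendered HTML.
func leakedHandlers(allow func(string) bool) []string {
	return filterAttrs(modernHandlers, allow)
}

// Constructed attribute set, as a README's raw HTML might carry it after
// Markdown rendering; the mixed-case name exercises normalisation.
var sampleAttrs = []string{
	"src", "alt", "onclick", "onpointerover", "onfocusin", "ONANIMATIONSTART", "title",
}

func main() {
	policies := []struct {
		name  string
		allow func(string) bool
	}{
		{"blocklist", allowAttrBlocklist},
		{"on*-prefix", allowAttrHardened},
		{"allowlist", allowAttrAllowlist},
	}
	for _, p := range policies {
		fmt.Printf("%-11s keeps %v; leaks %v\n", p.name,
			filterAttrs(sampleAttrs, p.allow), leakedHandlers(p.allow))
	}
}
```

The prefix check is the minimal fix for this class of bug; the allowlist is what a sanitizer for untrusted third-party content should actually use, since it also covers attributes such as `style` or `formaction` that are not event handlers at all.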
Published: 2026-06-24
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw in SiYuan’s Bazaar package system. The kernel renders a package README from Markdown to HTML using the lute engine with a sanitizer that blocks only legacy event attributes, allowing modern event handler attributes to slip through unchanged. The rendered HTML is injected into the main document without further sanitization or CSP headers, so an attacker can embed JavaScript that executes in the context of an administrator’s authenticated session when that administrator opens or interacts with a malicious package in the marketplace. This provides the attacker full control over the workspace, enabling arbitrary code execution, data exfiltration, or manipulation of the user’s environment.

Affected Systems

The issue affects the SiYuan Note application (siyuan-note:siyuan) running any version earlier than 3.7.0. The fix was introduced in 3.7.0 and newer releases are not impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high-risk scenario, though no EPSS score is available to estimate current exploitation probability and the vulnerability is not listed in CISA KEV. Exploitation requires a malicious Bazaar package whose README carries an event handler attribute such as onpointerover or onfocusin; per the description, installing the package is not required, only opening its listing in Settings → Marketplace after the one-time trust consent. Because the rendered README is inserted directly into the main document rather than a sandboxed iframe, and the kernel sends no Content-Security-Policy header, the handler runs as soon as its event fires. The likely attack path is a third-party package author publishing such a package to the Bazaar marketplace, which a privileged administrator then opens and interacts with, triggering the embedded script. Administrators should therefore treat this as a high-risk stored XSS that, per the description, yields full control of the administrator's workspace.

Generated by OpenCVE AI on June 24, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround is recorded in this field; the CVE description above states that the issue is fixed in SiYuan 3.7.0.

OpenCVE Recommended Actions

  • Upgrade SiYuan to version 3.7.0 or later to remove the unsafe rendering path.
  • If an immediate upgrade is not possible, block or restrict access to the Bazaar marketplace or avoid installing third‑party packages from untrusted authors.
  • As a temporary measure, apply a Content‑Security‑Policy header that forbids inline scripts or render the README within an iframe that has sandbox attributes; alternatively run a client‑side sanitizer like DOMPurify before inserting the HTML.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           (identical to the Description at the top of this page)
Title         (none)           SiYuan: Stored XSS in Bazaar marketplace via package README event handlers
Weaknesses    (none)           CWE-184, CWE-79
References    (none)           (none)
Metrics       (none)           cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T21:18:24.160Z

Reserved: 2026-06-11T18:24:35.097Z

Link: CVE-2026-54070

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T22:30:15Z

Weaknesses
  • CWE-184: Incomplete List of Disallowed Inputs
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')