{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/siyuan-note/siyuan--3.6.5/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-54070"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["siyuan-note/siyuan (\u003c= 3.6.5)","go/github.com/siyuan-note/siyuan/kernel (\u003c 0.0.0-20260628153353-2d5d72223df4)","b3log/siyuan (3.6.5)"],"_cs_severities":["high"],"_cs_tags":["xss","web-vulnerability","code-execution","credential-theft","si-yuan"],"_cs_type":"advisory","_cs_vendors":["siyuan-note","B3log"],"content_html":"\u003cp\u003eA critical stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-54070) has been identified in SiYuan, a note-taking application, affecting versions up to 3.6.5. This flaw allows a malicious third-party package author to inject arbitrary JavaScript into package READMEs displayed within SiYuan's Bazaar marketplace. The \u003ccode\u003elute\u003c/code\u003e rendering engine's sanitizer, used to convert Markdown READMEs to HTML, employs an incomplete blocklist for event handlers, inadvertently permitting modern handlers like \u003ccode\u003eonpointerover\u003c/code\u003e, \u003ccode\u003eonpointerdown\u003c/code\u003e, and \u003ccode\u003eonanimationstart\u003c/code\u003e to bypass sanitization. When an Administrator, who has accepted the marketplace trust consent, views such a crafted package README in the marketplace and interacts with it (e.g., hovering the mouse), the embedded JavaScript executes within their authenticated session. This can lead to the theft of the kernel API token, which grants full Administrator API access, and potentially escalates to full control over the SiYuan workspace through actions like installing further malicious plugins. The vulnerability is exacerbated by the absence of client-side DOMPurify processing and crucial server-side security headers like Content-Security-Policy (CSP) on HTTP responses.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious third-party package author crafts a \u003ccode\u003eREADME.md\u003c/code\u003e file containing an unsanitized HTML event handler (e.g., \u003ccode\u003eonpointerover\u003c/code\u003e) and a JavaScript payload designed to execute in the Administrator's browser.\u003c/li\u003e\n\u003cli\u003eThe malicious package, including the crafted \u003ccode\u003eREADME.md\u003c/code\u003e, is submitted to and made available on the SiYuan Bazaar marketplace.\u003c/li\u003e\n\u003cli\u003eA SiYuan Administrator, with marketplace trust consent (\u003ccode\u003ebazaar.trust\u003c/code\u003e) enabled, navigates to \u0026quot;Settings → Marketplace\u0026quot; to browse community packages.\u003c/li\u003e\n\u003cli\u003eThe SiYuan kernel fetches the package README for display via an API endpoint like \u003ccode\u003e/api/bazaar/getBazaarPackageREADME\u003c/code\u003e or \u003ccode\u003egetInstalledPlugin\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003elute\u003c/code\u003e rendering engine processes the Markdown README to HTML, but its \u003ccode\u003eSetSanitize(true)\u003c/code\u003e configuration, using an incomplete event handler blocklist, fails to remove the malicious \u003ccode\u003eonpointerover\u003c/code\u003e attribute and the embedded JavaScript.\u003c/li\u003e\n\u003cli\u003eThe rendered HTML, now containing the active malicious JavaScript, is assigned to \u003ccode\u003emdElement.innerHTML\u003c/code\u003e in the Administrator's browser within a plain DOM element, without any client-side DOMPurify or server-side security headers (CSP, X-Frame-Options) to mitigate XSS.\u003c/li\u003e\n\u003cli\u003eThe Administrator interacts with the package listing in the UI, for example, by hovering their mouse pointer over the displayed README content.\u003c/li\u003e\n\u003cli\u003eThe embedded JavaScript payload executes in the Administrator's authenticated SiYuan origin, leading to the theft of the kernel API token and granting the attacker full control over the workspace, including the ability to install further plugins.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-54070 results in unauthenticated JavaScript execution within the Administrator's authenticated SiYuan origin upon viewing a specially crafted package README and one subsequent user interaction. This leads directly to the theft of the kernel API token (\u003ccode\u003econf.api.token\u003c/code\u003e), which provides full administrative API access. With this token, attackers can achieve complete control over the SiYuan workspace, including installing malicious plugins, modifying data, or performing other unauthorized actions, effectively compromising the integrity and confidentiality of the entire SiYuan instance. A single malicious community package could compromise every instance whose administrator views its listing.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patch for CVE-2026-54070 to SiYuan instances when it becomes available, specifically ensuring the \u003ccode\u003esiyuan-note/siyuan\u003c/code\u003e application is updated past version 3.6.5 and the \u003ccode\u003ego/github.com/siyuan-note/siyuan/kernel\u003c/code\u003e component is beyond version \u003ccode\u003e0.0.0-20260628153353-2d5d72223df4\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement server-side HTTP security headers such as \u003ccode\u003eContent-Security-Policy\u003c/code\u003e (CSP), \u003ccode\u003eX-Frame-Options\u003c/code\u003e, and \u003ccode\u003eX-Content-Type-Options\u003c/code\u003e on the SiYuan kernel's HTTP responses to enhance client-side protection against XSS and similar attacks, as highlighted by the lack of these headers in the vulnerability analysis.\u003c/li\u003e\n\u003cli\u003eRestrict Administrator access to the Bazaar marketplace or implement a stringent review process for third-party packages to prevent the introduction of malicious content.\u003c/li\u003e\n\u003cli\u003eMonitor SiYuan API logs for unusual activity, particularly after administrators browse or interact with marketplace packages, looking for unauthorized \u003ccode\u003einstallBazaarPlugin\u003c/code\u003e calls or unexpected API token usage.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T19:42:04Z","date_published":"2026-07-10T19:42:04Z","id":"https://feed.craftedsignal.io/briefs/2026-07-siyuan-xss/","summary":"A stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-54070, affects SiYuan versions up to 3.6.5, allowing a malicious third-party package author to embed JavaScript in package READMEs via an incomplete HTML sanitizer's blocklist, which executes in an Administrator's authenticated browser session upon viewing and interacting with the crafted README in the Bazaar marketplace, leading to API token theft and potential full workspace control.","title":"SiYuan Stored XSS via Malicious Bazaar Package README","url":"https://feed.craftedsignal.io/briefs/2026-07-siyuan-xss/"}],"language":"en","title":"CraftedSignal Threat Feed - Siyuan-Note/Siyuan (\u003c= 3.6.5)","version":"https://jsonfeed.org/version/1.1"}