<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Siyuan-Note/Siyuan (&lt;= 3.6.5) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/siyuan-note/siyuan--3.6.5/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 10 Jul 2026 19:42:04 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/siyuan-note/siyuan--3.6.5/feed.xml" rel="self" type="application/rss+xml"/><item><title>SiYuan Stored XSS via Malicious Bazaar Package README</title><link>https://feed.craftedsignal.io/briefs/2026-07-siyuan-xss/</link><pubDate>Fri, 10 Jul 2026 19:42:04 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-siyuan-xss/</guid><description>A stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-54070, affects SiYuan versions up to 3.6.5, allowing a malicious third-party package author to embed JavaScript in package READMEs via an incomplete HTML sanitizer's blocklist, which executes in an Administrator's authenticated browser session upon viewing and interacting with the crafted README in the Bazaar marketplace, leading to API token theft and potential full workspace control.</description><content:encoded><![CDATA[<p>A critical stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-54070) has been identified in SiYuan, a note-taking application, affecting versions up to 3.6.5. This flaw allows a malicious third-party package author to inject arbitrary JavaScript into package READMEs displayed within SiYuan's Bazaar marketplace. The <code>lute</code> rendering engine's sanitizer, used to convert Markdown READMEs to HTML, employs an incomplete blocklist for event handlers, inadvertently permitting modern handlers like <code>onpointerover</code>, <code>onpointerdown</code>, and <code>onanimationstart</code> to bypass sanitization. When an Administrator, who has accepted the marketplace trust consent, views such a crafted package README in the marketplace and interacts with it (e.g., hovering the mouse), the embedded JavaScript executes within their authenticated session. This can lead to the theft of the kernel API token, which grants full Administrator API access, and potentially escalates to full control over the SiYuan workspace through actions like installing further malicious plugins. The vulnerability is exacerbated by the absence of client-side DOMPurify processing and crucial server-side security headers like Content-Security-Policy (CSP) on HTTP responses.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>A malicious third-party package author crafts a <code>README.md</code> file containing an unsanitized HTML event handler (e.g., <code>onpointerover</code>) and a JavaScript payload designed to execute in the Administrator's browser.</li>
<li>The malicious package, including the crafted <code>README.md</code>, is submitted to and made available on the SiYuan Bazaar marketplace.</li>
<li>A SiYuan Administrator, with marketplace trust consent (<code>bazaar.trust</code>) enabled, navigates to &quot;Settings → Marketplace&quot; to browse community packages.</li>
<li>The SiYuan kernel fetches the package README for display via an API endpoint like <code>/api/bazaar/getBazaarPackageREADME</code> or <code>getInstalledPlugin</code>.</li>
<li>The <code>lute</code> rendering engine processes the Markdown README to HTML, but its <code>SetSanitize(true)</code> configuration, using an incomplete event handler blocklist, fails to remove the malicious <code>onpointerover</code> attribute and the embedded JavaScript.</li>
<li>The rendered HTML, now containing the active malicious JavaScript, is assigned to <code>mdElement.innerHTML</code> in the Administrator's browser within a plain DOM element, without any client-side DOMPurify or server-side security headers (CSP, X-Frame-Options) to mitigate XSS.</li>
<li>The Administrator interacts with the package listing in the UI, for example, by hovering their mouse pointer over the displayed README content.</li>
<li>The embedded JavaScript payload executes in the Administrator's authenticated SiYuan origin, leading to the theft of the kernel API token and granting the attacker full control over the workspace, including the ability to install further plugins.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-54070 results in unauthenticated JavaScript execution within the Administrator's authenticated SiYuan origin upon viewing a specially crafted package README and one subsequent user interaction. This leads directly to the theft of the kernel API token (<code>conf.api.token</code>), which provides full administrative API access. With this token, attackers can achieve complete control over the SiYuan workspace, including installing malicious plugins, modifying data, or performing other unauthorized actions, effectively compromising the integrity and confidentiality of the entire SiYuan instance. A single malicious community package could compromise every instance whose administrator views its listing.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the security patch for CVE-2026-54070 to SiYuan instances when it becomes available, specifically ensuring the <code>siyuan-note/siyuan</code> application is updated past version 3.6.5 and the <code>go/github.com/siyuan-note/siyuan/kernel</code> component is beyond version <code>0.0.0-20260628153353-2d5d72223df4</code>.</li>
<li>Implement server-side HTTP security headers such as <code>Content-Security-Policy</code> (CSP), <code>X-Frame-Options</code>, and <code>X-Content-Type-Options</code> on the SiYuan kernel's HTTP responses to enhance client-side protection against XSS and similar attacks, as highlighted by the lack of these headers in the vulnerability analysis.</li>
<li>Restrict Administrator access to the Bazaar marketplace or implement a stringent review process for third-party packages to prevent the introduction of malicious content.</li>
<li>Monitor SiYuan API logs for unusual activity, particularly after administrators browse or interact with marketplace packages, looking for unauthorized <code>installBazaarPlugin</code> calls or unexpected API token usage.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>xss</category><category>web-vulnerability</category><category>code-execution</category><category>credential-theft</category><category>si-yuan</category></item></channel></rss>