CVE-2026-23847

MEDIUM4.6EPSS 0.07%

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel

Published: 1/21/2026Modified: 3/3/2026

Description

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel

Go/github.com/siyuan-note/siyuan/kernelfrom 0, < 0.0.0-20260118021606-5c0cc375b475
Go/github.com/siyuan-note/siyuan/kernelfrom 0, < 0.0.0-20260118021606-5c0cc375b475

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
osv	CVSS 3.1	MEDIUM4.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N