CVE-2026-23645 (GCVE-0-2026-23645)
Vulnerability from cvelistv5 – Published: 2026-01-16 19:20 – Updated: 2026-01-16 21:37
VLAI?
Title
SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload
Summary
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| siyuan-note | siyuan |
Affected:
< 3.5.4-dev2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T21:37:47.881335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:37:58.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "siyuan",
"vendor": "siyuan-note",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.4-dev2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:20:06.744Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j"
},
{
"name": "https://github.com/siyuan-note/siyuan/issues/16844",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/siyuan-note/siyuan/issues/16844"
},
{
"name": "https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388"
}
],
"source": {
"advisory": "GHSA-pcjq-j3mq-jv5j",
"discovery": "UNKNOWN"
},
"title": "SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23645",
"datePublished": "2026-01-16T19:20:06.744Z",
"dateReserved": "2026-01-14T16:08:37.484Z",
"dateUpdated": "2026-01-16T21:37:58.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23645\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-16T20:15:49.880\",\"lastModified\":\"2026-01-16T20:15:49.880\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/siyuan-note/siyuan/issues/16844\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23645\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-16T21:37:47.881335Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-16T21:37:54.255Z\"}}], \"cna\": {\"title\": \"SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload\", \"source\": {\"advisory\": \"GHSA-pcjq-j3mq-jv5j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"siyuan-note\", \"product\": \"siyuan\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.5.4-dev2\"}]}], \"references\": [{\"url\": \"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j\", \"name\": \"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/siyuan-note/siyuan/issues/16844\", \"name\": \"https://github.com/siyuan-note/siyuan/issues/16844\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388\", \"name\": \"https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-16T19:20:06.744Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-23645\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-16T21:37:58.336Z\", \"dateReserved\": \"2026-01-14T16:08:37.484Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-16T19:20:06.744Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-23645
Vulnerability from fkie_nvd - Published: 2026-01-16 20:15 - Updated: 2026-01-16 20:15
Severity ?
Summary
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2."
}
],
"id": "CVE-2026-23645",
"lastModified": "2026-01-16T20:15:49.880",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-16T20:15:49.880",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/siyuan-note/siyuan/issues/16844"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-PCJQ-J3MQ-JV5J
Vulnerability from github – Published: 2026-01-16 19:22 – Updated: 2026-01-16 21:56
VLAI?
Summary
SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload
Details
Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session.
Details
The application allows authenticated users to upload files, including .svg images, without sanitizing the input to remove embedded JavaScript code (such as tags or event handlers).
PoC
- Create a new "Daily note" in the workspace.
- Create a file named test.svg with malicious JavaScript inside:
<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 124 124" fill="none">
<rect width="124" height="124" rx="24" fill="red"/>
<script type="text/javascript">
alert(window.origin);
</script>
</svg>
- Upload a file in current daily note:
-
Open the file:
-
Right-click the uploaded asset in the note.
- Select "Export"
- The JavaScript code executes immediately.
Impact
The vulnerability allows to upload an SVG file containing malicious scripts. When a user exports this file, the embedded arbitrary JavaScript code is executed within their browser context
Notes
Tested version:
Solution
https://github.com/siyuan-note/siyuan/issues/16844
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260116101155-11115da3d0de"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23645"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-16T19:22:08Z",
"nvd_published_at": "2026-01-16T20:15:49Z",
"severity": "MODERATE"
},
"details": "### Summary\nA Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session.\n\n### Details\nThe application allows authenticated users to upload files, including .svg images, without sanitizing the input to remove embedded JavaScript code (such as \u003cscript\u003e tags or event handlers).\n\n### PoC\n1. Create a new \"Daily note\" in the workspace.\n\u003cimg width=\"1287\" height=\"572\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3a4389b9-695d-4e1b-94dc-72efdb047aa9\" /\u003e\n2. Create a file named test.svg with malicious JavaScript inside:\n\n```\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" width=\"200\" height=\"200\" viewBox=\"0 0 124 124\" fill=\"none\"\u003e\n\u003crect width=\"124\" height=\"124\" rx=\"24\" fill=\"red\"/\u003e\n \u003cscript type=\"text/javascript\"\u003e \n alert(window.origin);\n \u003c/script\u003e\n\u003c/svg\u003e\n```\n3. Upload a file in current daily note:\n\u003cimg width=\"1617\" height=\"316\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6e14318a-08ec-48e5-b278-9174ad17cfcb\" /\u003e\n\u003cimg width=\"1482\" height=\"739\" alt=\"image\" src=\"https://github.com/user-attachments/assets/95c996e8-5591-436a-9467-ab56c9ffbde0\" /\u003e\n\u003cimg width=\"1321\" height=\"548\" alt=\"image\" src=\"https://github.com/user-attachments/assets/249fb187-3caa-4372-a9c9-56dfda6b8a8f\" /\u003e\n4. Open the file:\n\n- Right-click the uploaded asset in the note.\n- Select \"Export\"\n\u003cimg width=\"934\" height=\"718\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ec943dfa-92ba-47f6-8b1e-56e53f1b0ca6\" /\u003e\n5. The JavaScript code executes immediately.\n\u003cimg width=\"1033\" height=\"632\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a1611291-d333-4f8e-9da9-62104aaa1bdd\" /\u003e\n\u003cimg width=\"1381\" height=\"641\" alt=\"image\" src=\"https://github.com/user-attachments/assets/d5018203-dbd0-4285-8702-8cb3e7c5cd07\" /\u003e\n\n### Impact\nThe vulnerability allows to upload an SVG file containing malicious scripts. When a user exports this file, the embedded arbitrary JavaScript code is executed within their browser context\n\n### Notes\nTested version: \n\u003cimg width=\"1440\" height=\"534\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a62271e4-6850-4f59-be88-c4f8055429c0\" /\u003e\n\n### Solution\n\nhttps://github.com/siyuan-note/siyuan/issues/16844",
"id": "GHSA-pcjq-j3mq-jv5j",
"modified": "2026-01-16T21:56:47Z",
"published": "2026-01-16T19:22:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-pcjq-j3mq-jv5j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23645"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/issues/16844"
},
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/commit/11115da3d0de950593ee4ce375cf7f9018484388"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…