CVE-2026-56397
SiYuan Bazaar Marketplace XSS Leads to Remote Code Execution.
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in SiYuan's Bazaar marketplace allows attackers to inject malicious HTML and JavaScript into package details. This can lead to remote code execution on user systems when the marketplace is browsed, potentially enabling attackers to run OS commands. The risk is to users who interact with the application'