Key Vulnerability Information

Vulnerability type: Stored XSS via Suggested Tags
CVE ID: CVE-2026-24476
CVSS Severity: Moderate
Affected Versions: =0.16.0

Vulnerability Description

Summary

Crafting a malicious tag which starts with prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack.

Details

Adding a tag such as: to any note or link causes the tag that is used on the page to suggest existing tags to be ended, allowing an attacker to inject arbitrary HTML.

Attack Vector

An attacker could create a malicious Netscape-style bookmarks file and trick the user into importing it, triggering the XSS attack.

Impact

This vulnerability represents a stored XSS issue, which can be exploited by an attacker to perform actions on behalf of other users or steal sensitive data.

Vulnerability Details

CVSS v4 Base Metrics

- Exploitability Metrics
  - Attack Vector: Local
  - Attack Complexity: High
  - Attack Requirements: None
  - Privileges Required: High
  - User Interaction: Active
- Vulnerable System Impact Metrics
  - Confidentiality: High
  - Integrity: High
  - Availability: None
- Subsequent System Impact Metrics
  - Confidentiality: None
  - Integrity: None
  - Availability: None
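
An added example (not code from the affected project) of two defensive controls for the import path and the suggestion markup described above: validating tag names when a Netscape-style bookmarks file is imported, and HTML-escaping them when the suggestion list is rendered. The `TAGS` attribute, the allow-list pattern, the `<datalist>` markup and the sample file are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Assumed allow-list policy for tag names: word characters and a few separators.
SAFE_TAG = re.compile(r"[\w .+#-]{1,64}")


class BookmarkTags(HTMLParser):
    """Collect the TAGS attribute of every <A> entry in a bookmarks export."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            raw = dict(attrs).get("tags") or ""
            self.tags += [t.strip() for t in raw.split(",") if t.strip()]


def import_tags(bookmark_html):
    """Return (accepted, rejected) tag names found in an import file."""
    parser = BookmarkTags()
    parser.feed(bookmark_html)
    parser.close()
    accepted, rejected = [], []
    for name in parser.tags:
        (accepted if SAFE_TAG.fullmatch(name) else rejected).append(name)
    return accepted, rejected


def render_suggestions(tag_names):
    """Render stored tags as suggestion options, escaping every value."""
    options = "".join(
        '<option value="{}"></option>'.format(html.escape(n, quote=True))
        for n in tag_names
    )
    return '<datalist id="tag-suggestions">' + options + "</datalist>"


# Constructed sample import file; the second tag name carries markup.
SAMPLE = (
    "<!DOCTYPE NETSCAPE-Bookmark-file-1>\n<DL><p>\n"
    '<DT><A HREF="https://example.com/" '
    'TAGS="news,&lt;/x&gt;&lt;b&gt;injected&lt;/b&gt;">Example</A>\n'
    "</DL><p>\n"
)

if __name__ == "__main__":
    ok, bad = import_tags(SAMPLE)
    print("accepted:", ok, "rejected:", bad)
    print(render_suggestions(ok + bad))
```

Escaping at render time is the control that matters for tags already stored; the import-time check only keeps new markup-bearing names out.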