Guchangan1

**Name of the Vulnerable Software and Affected Versions** SiYuan version 3.1.0 **Description** A vulnerability has been found in the PDF Handler component, specifically in the file PDF.js, which can lead to cross-site scripting. The attack can be launched remotely. The issue affects an unknown functionality of the PDF.js file. **Recommendations** For SiYuan version 3.1.0, consider disabling the PDF Handler component or restricting access to the PDF.js file until a patch is available. As a temporary workaround, avoid using the PDF Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.