CRITICAL: 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Default status: unaffected
3.0.3: affected
Description
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
3.0.3
References
fluidattacks.com/advisories/dezco/
github.com/siyuan-note/siyuan/