
Description

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

PUBLISHED | Reserved 2024-03-19 | Published 2024-04-04 | Updated 2025-05-19 | Assigner Fluid Attacks




CRITICAL: 9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

3.0.3: affected

References

fluidattacks.com/advisories/dezco/

github.com/siyuan-note/siyuan/

cve.org (CVE-2024-2692)

nvd.nist.gov (CVE-2024-2692)
