PT-2024-21583 · Siyuan · Siyuan
Carlos Bello · Published 2024-04-04 · Updated 2025-06-17
CVE-2024-2692
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SiYuan version 3.0.3
Description
The application is vulnerable to server-side XSS, which allows arbitrary commands to be executed on the server.
Recommendations
For SiYuan version 3.0.3, update to a version that fixes the Server Side XSS issue to prevent arbitrary command execution on the server.
XSS
Affected Products
Siyuan