SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From -> Asset Field” enabled. The vulnerable code accepts arbitrary http(s) URLs without extensions as images, stores the attacker-controlled string in coverURL, and injects it directly into an <img src="..."> attribute without escaping. In the Electron desktop client, the injected JavaScript executes with nodeIntegration enabled and contextIsolation disabled, so the XSS reaches arbitrary OS command execution under the victim’s account. This issue has been patched in version 3.6.2.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

SiYuan 代码注入漏洞

SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 3.6.2之前版本存在代码注入漏洞，该漏洞源于Attribute View mAsse字段中恶意URL未经验证，可能导致存储型跨站脚本攻击，进而执行任意操作系统命令。

N/A

N/A