SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0.
Metrics
Affected Vendors & Products
References
History
Thu, 25 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 25 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Siyuan
Siyuan siyuan |
|
| Vendors & Products |
Siyuan
Siyuan siyuan |
Wed, 24 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0. | |
| Title | SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-24T21:20:42.004Z
Updated: 2026-06-25T13:20:40.202Z
Reserved: 2026-06-04T20:37:18.654Z
Link: CVE-2026-50551
Updated: 2026-06-25T13:20:36.686Z
No data.
No data.