3 matches found
CVE-2026-54158
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...
CVE-2026-50551
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...
PT-2026-52111
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The attribute-view cell renderer genAVValueHTML fails to properly sanitize cell content in the text, url, phone, and mAsset branches. This allows an attacker with write access to a synced workspace to...