1 matches found
SiYuan has an arbitrary file write in the host via /api/asset/upload
Summary The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS via the file write. Impact Arbitrary file write...