CVE-2024-55659
CVE-2024-55659 affects SiYuan prior to version 3.1.16. The endpoint /api/asset/upload is vulnerable to arbitrary file write to the host and can enable stored cross-site scripting via the file write. A patch was released in version 3.1.16 to address the issue. Multiple connected sources (NVD, OSV,...