B3log: Security Vulnerabilities
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-11-29
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-29
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-11-29
A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-07-21
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-07-05
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-03
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
CVSS Score
9.0
EPSS Score
0.003
Published
2024-04-04
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
CVSS Score
9.8
EPSS Score
0.038
Published
2024-02-05
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-02-21
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-31