CVE-2024-2692 CRITICAL

CVE-2024-2692: SiYuan 3.0.3 - RCE via Server Side XSS

Vendor Siyuan
Product SiYuan
Weakness CWE-79 · XSS
Published April 4, 2024
Last update May 19, 2025

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

Key dates

02Disclosure timeline

April 4, 2024 CVE published
May 19, 2025 Record updated