exploitDog

CVE-2024-2692

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 9

EPSS Низкий

Описание

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

Ссылки

https://fluidattacks.com/advisories/dezco/
Exploit
Third Party Advisory
https://github.com/siyuan-note/siyuan/
Product
https://fluidattacks.com/advisories/dezco/
Exploit
Third Party Advisory
https://github.com/siyuan-note/siyuan/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b3log:siyuan:3.0.3:-:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00297

Низкий

9 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-pgf5-9895-3ph9

CVSS3: 9.6

github

почти 2 года назад

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

EPSS

Процентиль: 53%

0.00297

Низкий

9 Critical

CVSS3

Дефекты

CWE-79