We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS (via the file write).
Arbitrary file write
Elleuch-x1 Reporter
Summary
The /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored XSS (via the file write).
Impact
Arbitrary file write