THREAT OPS › Threat News › [GHSA] GHSA-5xfx-xj4h-5p7r (critical) — SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()
[GHSA] GHSA-5xfx-xj4h-5p7r (critical) — SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()
GHSA-5xfx-xj4h-5p7r Severity: critical CVE: CVE-2026-54158
SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()
### Summary
The attribute-view (database) cell renderer `genAVValueHTML` interpolates cell content raw in four of its branches: `text`, `url`, `phone`, and `mAsset`. A cell value like `</textarea><img src=x onerror="...">` or `"><img src=x onerror="...">` br
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-54158cve
Original source: https://github.com/advisories/GHSA-5xfx-xj4h-5p7r