THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-5xfx-xj4h-5p7r (critical) — SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

[GHSA] GHSA-5xfx-xj4h-5p7r (critical) — SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

medgithub_advisoriesPublished 2026-07-10

GHSA-5xfx-xj4h-5p7r Severity: critical CVE: CVE-2026-54158

SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

### Summary

The attribute-view (database) cell renderer `genAVValueHTML` interpolates cell content raw in four of its branches: `text`, `url`, `phone`, and `mAsset`. A cell value like `</textarea><img src=x onerror="...">` or `"><img src=x onerror="...">` br

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-5xfx-xj4h-5p7r