CVE-2026-54158
SiYuan · SiYuan
A critical XSS vulnerability in SiYuan's attribute-view cell renderer allows attackers to inject malicious scripts, leading to remote code execution on Electron desktop clients.
Executive summary
A high-severity XSS vulnerability in SiYuan’s database cell rendering allows for remote code execution on Electron-based desktop clients through weaponized attribute-view data.
Vulnerability
The application fails to properly sanitize cell content when rendering attribute views, allowing an attacker to inject malicious payloads through text, URL, phone, or mAsset fields. The result is arbitrary JavaScript execution in the renderer process, which, because the Electron window runs with nodeIntegration: true, escalates to host-level RCE.
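The rendering defect described above, as an added illustration that is not SiYuan's code: a cell renderer that interpolates raw cell values into markup, beside a hardened version that escapes every value and allow-lists URL schemes before using one as an href. The cell shape, the class names and the HARDENED_WEB_PREFERENCES object are assumptions for illustration.

```javascript
// Added example, not SiYuan's code. Cell shape {type, value} is assumed.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Only these schemes may become a clickable href; anything else is rendered as plain text.
const SAFE_URL_SCHEMES = new Set(['http:', 'https:', 'mailto:', 'tel:']);

function safeHref(raw) {
  try {
    const u = new URL(String(raw));
    return SAFE_URL_SCHEMES.has(u.protocol) ? u.href : null;
  } catch {
    return null; // unparsable input is never used as a link target
  }
}

// Vulnerable pattern (the class of defect the advisory describes): the raw cell
// value is dropped straight into markup, so any HTML in it is interpreted.
function renderCellUnsafe(cell) {
  return `<div class="av__cell" data-type="${cell.type}">${cell.value}</div>`;
}

// Hardened pattern: values are escaped as text; URL-like types are validated first.
function renderCellSafe(cell) {
  const type = escapeHtml(cell.type);
  const text = escapeHtml(cell.value);
  if (cell.type === 'url' || cell.type === 'phone') {
    const href = safeHref(cell.type === 'phone' ? `tel:${cell.value}` : cell.value);
    if (href) {
      return `<div class="av__cell" data-type="${type}"><a href="${escapeHtml(href)}" rel="noopener noreferrer">${text}</a></div>`;
    }
  }
  return `<div class="av__cell" data-type="${type}">${text}</div>`;
}

// Escaping contains the XSS; the Electron side must separately stop renderer
// script from reaching Node. Assumed standard BrowserWindow webPreferences:
const HARDENED_WEB_PREFERENCES = { nodeIntegration: false, contextIsolation: true, sandbox: true };

module.exports = { escapeHtml, safeHref, renderCellUnsafe, renderCellSafe, HARDENED_WEB_PREFERENCES };
```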
Business impact
With a CVSS score of 9.9, this vulnerability poses a severe threat, enabling attackers to compromise the entire host operating system. Successful exploitation allows for persistent access to the victim's machine, potentially leading to the theft of sensitive proprietary knowledge and credentials stored within the application or on the local device.
Remediation
Immediate Action: Update SiYuan to version 3.7.0 or later, which adds mandatory sanitization of database cell content before it is rendered.
Proactive Monitoring: Monitor workspace synchronization logs for unusual cell content or patterns that deviate from standard data entry.
Compensating Controls: Restrict collaborative editing access in shared workspaces to trusted individuals only until patches are fully deployed.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The ability to trigger RCE via simple data entry makes this a critical security priority. System administrators must ensure that all instances are updated to the latest version to prevent malicious actors from leveraging synced workspaces as an attack vector.