Vulnerability Description
A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| B3Log | Siyuan | 3.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/siyuan-note/siyuan/issues/11650Issue Tracking
- https://github.com/siyuan-note/siyuan/issues/11949ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.271993Permissions RequiredVDB Entry
- https://vuldb.com/?id.271993Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.372629Third Party AdvisoryVDB Entry
- https://github.com/siyuan-note/siyuan/issues/11650Issue Tracking
- https://github.com/siyuan-note/siyuan/issues/11949ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.271993Permissions RequiredVDB Entry
- https://vuldb.com/?id.271993Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.372629Third Party AdvisoryVDB Entry
FAQ
What is CVE-2024-6938?
CVE-2024-6938 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulati...
How severe is CVE-2024-6938?
CVE-2024-6938 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6938?
Check the references section above for vendor advisories and patch information. Affected products include: B3Log Siyuan.