Cross-Site Scripting Vulnerability in Memos Server by Use Memos
CVE-2022-25978
6.1 MEDIUM
What is CVE-2022-25978?
The Memos Server, developed by Use Memos, is vulnerable to Cross-Site Scripting (XSS) in all versions because it does not adequately validate external resources. Attackers can inject malicious scripts through links that use the 'javascript:' scheme. Such vulnerabilities can lead to serious security breaches, enabling unauthorized actions on behalf of unsuspecting users. Immediate action is necessary to secure applications against potential exploitation.
Affected Version(s)
github.com/usememos/memos/server 0