Cross-site Scripting (XSS) - Stored in usememos/memos
CVE-2023-0106

9CRITICAL

Key Information:

Vendor: Usememos
Status: Usememos/memos
Vendor: CVE Published:; 7 January 2023

Summary

The Memos product developed by usememos is susceptible to a Cross-Site Scripting (XSS) vulnerability, allowing an attacker to inject malicious scripts into the application. This issue arises in versions prior to 0.10.0 and can lead to unauthorized access and manipulation of user data. Users should upgrade to the latest version to mitigate potential risks and enhance security.

Affected Version(s)

usememos/memos < 0.10.0

References

https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625f...

https://github.com/usememos/memos/commit/0f8ce3dd1696722f...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2023
Vulnerability Reserved
Jan 7, 2023