Cross Site Scripting Vulnerability in Memos by usememos
CVE-2026-30586

6.1MEDIUM

Key Information:

Vendor

usememos

Status
Vendor
CVE Published:
2 June 2026

What is CVE-2026-30586?

The Memos application version 0.26.0 has a cross site scripting (XSS) vulnerability that permits remote attackers to exploit the SANITIZE_SCHEMA and Memo Rendering Component. This vulnerability can allow attackers to retrieve sensitive data through the Public and Private Memo View pages, potentially leading to unauthorized information disclosure.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.