All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
References
| Link | Resource |
|---|---|
| https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8 | Patch |
| https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8 | Patch |
| https://github.com/usememos/memos/issues/1026 | Exploit |
| https://github.com/usememos/memos/issues/1026 | Exploit |
| https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070 | Exploit Issue Tracking Patch Third Party Advisory |
| https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
18 Mar 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
| References | () https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8 - Patch | |
| References | () https://github.com/usememos/memos/issues/1026 - Exploit |
07 Nov 2023, 03:44
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. |
Information
Published : 2023-02-15 05:15
Updated : 2025-03-18 16:15
NVD link : CVE-2022-25978
Mitre link : CVE-2022-25978
JSON object : View
Products Affected
usememos
- memos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')