Filtered by vendor Usememos Subscriptions
Total 67 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25978 1 Usememos 1 Memos 2025-03-18 5.4 Medium
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2024-29029 2 Memos, Usememos 2 Memos, Memos 2025-01-02 6.1 Medium
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.
CVE-2023-5036 1 Usememos 1 Memos 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
CVE-2023-4698 1 Usememos 1 Memos 2024-11-21 7.5 High
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4697 1 Usememos 1 Memos 2024-11-21 8.8 High
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4696 1 Usememos 1 Memos 2024-11-21 9.8 Critical
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-0109 1 Usememos 1 Memos 2024-11-19 5.4 Medium
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.