CVE-2023-0109

Stored XSS in usememos/memos

CVSS 9.8 CRITICALEPSS 0.4%CWE-79

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

usememos · usememos/memos

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e