CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0109

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e

Products affected by CVE-2023-0109

Usememos » Memos » Version: 0.9.1

cpe:2.3:a:usememos:memos:0.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0109

Products

Pricing

Contact Us