All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-15
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS Score
7.6
EPSS Score
0.001
Published
2023-01-07
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-12-31
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS Score
8.3
EPSS Score
0.002
Published
2022-12-31
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVSS Score
8.4
EPSS Score
0.001
Published
2022-12-30