CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
21.8%
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack with the image direct link. This was patched in version 0.9.0.
github.com/advisories/GHSA-c8jh-vcjh-fx2w
github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e
github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
github.com/usememos/memos/pull/833
huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335
nvd.nist.gov/vuln/detail/CVE-2022-4690