506 matches found
GHSA-J2GJ-G3P9-7MRR Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit c9aa2eeb9 access tokens which fail validation are rejected...
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit c9aa2eeb9 access tokens which fail validation are rejected...
CVE-2023-4697
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4698
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4696
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4697 Improper Privilege Management in usememos/memos
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4698 Improper Input Validation in usememos/memos
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4697
CVE-2023-4697 affects the open-source project memos (GitHub: usememos/memos) prior to version 0.13.2. The root cause is improper privilege management within the application, leading to likely privilege escalation. The CVSS base metrics indicate HIGH impact to confidentiality, integrity, and avail...
CVE-2023-4698
CVE-2023-4698 affects usememos/memos prior to 0.13.2. The connected exploit doc describes a Local File Inclusion (LFI) via an inadequate validation of InternalPath, enabling access to server files (post-auth or remote code execution risks are implied by LFI in the blog). Public advisories consist...
CVE-2023-4696 Improper Access Control in usememos/memos
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2...
CVE-2023-4696
CVE-2023-4696 — Affected: usememos/memos before version 0.13.2. Root cause: improper access control in the GitHub-hosted project. Impact: high/critical confidentiality, integrity, and availability risk per CVSS (NVD 3.1: 9.8; CRITICAL). Exploitation details are not provided in the connected docs....
PT-2023-30275 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.13.2 Description: The issue concerns improper privilege management. It is estimated that a significant number of devices may be affected, but the exact number is not specified. There is no information provid...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability exists in registerResourceRoutes function at resource.go due to insufficient checks on external resources which allows an attacker to inject and execute arbitrary javascript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in registerResourcePublicRoutes function at resource.go because the resources upload feature does not restrict the type of uploaded file, allowing an attacker to inject and execute arbitrary...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists in the registerResourcePublicRoutes function at resource.go because the default-src directive in the CSP is not properly configured, which allows an attacker to bypass the CSP, inject and execute arbitrary javascript...
GHSA-9W8X-5HV5-R6GW Cross Site Scripting in usememos/memos
All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...
Cross Site Scripting in usememos/memos
All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...