506 matches found

OSV
added 2023/09/01 3:30 a.m., 11 views

GHSA-J2GJ-G3P9-7MRR Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit c9aa2eeb9 access tokens which fail validation are rejected...

CVSS 9.8, AI score 9.5, EPSS 0.00899
Exploits: 0, References: 3

Github Security Blog
added 2023/09/01 3:30 a.m., 25 views

Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit c9aa2eeb9 access tokens which fail validation are rejected...

CVSS 9.8, AI score 7, EPSS 0.00899
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2023/09/01 1:15 a.m., 32 views

CVE-2023-4697

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...

CVSS 8.8, AI score 8.8, EPSS 0.00701
Exploits: 1, References: 2

NVD
added 2023/09/01 1:15 a.m., 22 views

CVE-2023-4698

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...

CVSS 7.5, AI score 7.5, EPSS 0.00759
Exploits: 2, References: 2

NVD
added 2023/09/01 1:15 a.m., 30 views

CVE-2023-4696

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2...

CVSS 9.8, AI score 9.6, EPSS 0.00899
Exploits: 0, References: 2

Vulnrichment
added 2023/09/01 12:0 a.m., 10 views

CVE-2023-4697 Improper Privilege Management in usememos/memos

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...

CVSS 8.8, AI score 6.8, EPSS 0.00701
Exploits: 1, References: 2

Cvelist
added 2023/09/01 12:0 a.m., 26 views

CVE-2023-4698 Improper Input Validation in usememos/memos

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...

CVSS 7.5, AI score 7.8, EPSS 0.00759
Exploits: 2, References: 2

Vulnrichment
added 2023/09/01 12:0 a.m., 11 views

CVE-2023-4698 Improper Input Validation in usememos/memos

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2...

CVSS 7.5, AI score 7.1, EPSS 0.00759
Exploits: 2, References: 2

Cvelist
added 2023/09/01 12:0 a.m., 37 views

CVE-2023-4697 Improper Privilege Management in usememos/memos

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2...

CVSS 8.8, AI score 9, EPSS 0.00701
Exploits: 1, References: 2

CVE
added 2023/09/01 12:0 a.m., 125 views

CVE-2023-4697

CVE-2023-4697 affects the open-source project memos (GitHub: usememos/memos) prior to version 0.13.2. The root cause is improper privilege management within the application, leading to likely privilege escalation. The CVSS base metrics indicate HIGH impact to confidentiality, integrity, and avail...

CVSS 8.8, AI score 8.7, EPSS 0.00701
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2023/09/01 12:0 a.m., 118 views

CVE-2023-4698

CVE-2023-4698 affects usememos/memos prior to 0.13.2. The connected exploit doc describes a Local File Inclusion (LFI) via an inadequate validation of InternalPath, enabling access to server files (post-auth or remote code execution risks are implied by LFI in the blog). Public advisories consist...

CVSS 7.5, AI score 7.5, EPSS 0.00759
Exploits: 2, References: 2, Affected Software: 1

Vulnrichment
added 2023/09/01 12:0 a.m., 10 views

CVE-2023-4696 Improper Access Control in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2...

CVSS 9.8, AI score 7.1, EPSS 0.00899
Exploits: 0, References: 2

Cvelist
added 2023/09/01 12:0 a.m., 27 views

CVE-2023-4696 Improper Access Control in usememos/memos

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2...

CVSS 9.8, AI score 9.8, EPSS 0.00899
Exploits: 0, References: 2

CVE
added 2023/09/01 12:0 a.m., 124 views

CVE-2023-4696

CVE-2023-4696 — Affected: usememos/memos before version 0.13.2. Root cause: improper access control in the GitHub-hosted project. Impact: high/critical confidentiality, integrity, and availability risk per CVSS (NVD 3.1: 9.8; CRITICAL). Exploitation details are not provided in the connected docs....

CVSS 9.8, AI score 9.5, EPSS 0.00899
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2023/08/31 12:0 a.m., 2 views

PT-2023-30275 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.13.2 Description: The issue concerns improper privilege management. It is estimated that a significant number of devices may be affected, but the exact number is not specified. There is no information provid...

CVSS 8.8, AI score 8.8, EPSS 0.00701
Exploits: 1, References: 11

Veracode
added 2023/07/28 9:26 a.m., 13 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the registerResourceRoutes function at resource.go due to insufficient checks on external resources, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1, AI score 6.8, EPSS 0.00534
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2023/07/28 9:16 a.m., 15 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists in the registerResourcePublicRoutes function at resource.go because the resources upload feature does not restrict the type of uploaded file, allowing an attacker to inject and execute arbitrary...

CVSS 5.4, AI score 6.8, EPSS 0.00575
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2023/07/28 9:1 a.m., 17 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored Cross-site Scripting (XSS). The vulnerability exists in the registerResourcePublicRoutes function at resource.go because the default-src in CSP is not properly configured, which allows an attacker to bypass the CSP, inject and execute arbitrary JavaScript...

CVSS 5.4, AI score 6.8, EPSS 0.00498
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2023/02/15 6:30 a.m., 28 views

GHSA-9W8X-5HV5-R6GW Cross Site Scripting in usememos/memos

All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...

CVSS 6.1, AI score 5.5, EPSS 0.00534
Exploits: 1, References: 6

Github Security Blog
added 2023/02/15 6:30 a.m., 17 views

Cross Site Scripting in usememos/memos

All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...

CVSS 6.1, AI score 5.9, EPSS 0.00534
Exploits: 1, References: 6, Affected Software: 1