2 matches found
CVE-2022-25978
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...
CVE-2022-25978
CVE-2022-25978 affects all versions of github.com/usememos/memos/server. The root cause is insufficient checks on external resources, allowing attackers to introduce links starting with the javascript: scheme and trigger Cross-site Scripting (XSS). The provided documents consistently describe XSS...