20 matches found
Cross-Origin Resource Sharing (CORS) Bypass
github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing CORS Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...
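The mechanism behind this finding, as an added example in Go (the language memos is written in); this is illustrative code written for this page, not the project's own middleware, and the `/api/memo` path and the `memos.example` / `attacker.example` origins are assumptions. The reflecting handler shows the misconfiguration, the allowlist handler shows the fix, and `probe` reports whether a page on a given origin could read the response with the victim's cookies attached.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// reflectingCORS models the misconfiguration described in the advisory: the
// Origin the browser sends is echoed back unchanged while credentials are
// allowed, so any site can make cookie-bearing requests and read the response.
func reflectingCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := r.Header.Get("Origin"); origin != "" {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// allowlistCORS is the hardened form: the Origin header is only echoed when it
// exactly matches a configured origin, and Vary: Origin keeps shared caches
// from serving one origin's ACAO header to another.
func allowlistCORS(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]struct{}, len(allowed))
	for _, a := range allowed {
		set[a] = struct{}{}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if origin := r.Header.Get("Origin"); origin != "" {
			if _, ok := set[origin]; ok {
				w.Header().Set("Access-Control-Allow-Origin", origin)
				w.Header().Set("Access-Control-Allow-Credentials", "true")
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a GET with the given Origin and reports the ACAO header the
// handler returned plus whether a script on that origin could read the
// response with the victim's cookies attached (ACAO echoes the origin AND
// ACAC is true). A wildcard ACAO would not count: browsers reject "*" when
// credentials are requested.
func probe(h http.Handler, origin string) (allowOrigin string, credentialedRead bool) {
	req := httptest.NewRequest(http.MethodGet, "/api/memo", nil) // assumed path
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	allowOrigin = rec.Header().Get("Access-Control-Allow-Origin")
	credentialedRead = allowOrigin == origin &&
		rec.Header().Get("Access-Control-Allow-Credentials") == "true"
	return allowOrigin, credentialedRead
}

func main() {
	// Stand-in for an authenticated API handler; the body is constructed.
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"memos":["private note"]}`)
	})
	evil := "https://attacker.example"
	for name, h := range map[string]http.Handler{
		"reflecting": reflectingCORS(api),
		"allowlist":  allowlistCORS([]string{"https://memos.example"}, api),
	} {
		acao, readable := probe(h, evil)
		fmt.Printf("%-10s ACAO=%q cross-origin credentialed read possible=%v\n", name, acao, readable)
	}
}
```

When testing a live instance, the same check is a request with a foreign `Origin` header and a session cookie: if the response echoes that origin in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, the bypass is present. Matching on a prefix or suffix of the origin (for example `strings.HasSuffix(origin, "memos.example")`) is a common half-fix that still admits `memos.example.attacker.example`; the allowlist above deliberately uses exact string equality.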
GO-2022-1251 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-1253 usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos...
GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...
GO-2022-1215 usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos...
GO-2022-1218 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2023-1461 usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos...
GO-2024-3046 memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos...
Privilege Escalation
github.com/usememos/memos is vulnerable to Privilege Escalation. The vulnerability exists in the JWTMiddleware function in jwt.go due to improper admin privilege checks, which allows an attacker to view a high-privilege (Admin) user's PRIVATE POST...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the registerResourceRoutes function in resource.go due to insufficient checks on external resources, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in the registerResourcePublicRoutes function in resource.go because the resource upload feature does not restrict the type of uploaded file, allowing an attacker to inject and execute arbitrary...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in the registerResourcePublicRoutes function in resource.go because default-src in the CSP is not properly configured, which allows an attacker to bypass the CSP and inject and execute arbitrary JavaScript...
CVE-2022-25978
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...
Cross site scripting
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting XSS attacks. An attacker is able to inject and execute malicious JavaScript via the create-post functionality...
Denial Of Service (DoS)
github.com/usememos/memos is vulnerable to denial-of-service attacks. A malicious user is able to pass a huge number of characters in the Nickname parameter, causing the application to crash on the POST request...
Improper Authentication
github.com/usememos/memos is vulnerable to improper authentication. The vulnerability allows a remote attacker to use the Reset API on any user without consent via IDOR...
Information Disclosure
github.com/usememos/memos is vulnerable to information disclosure. A remote authenticated attacker is able to view any content from private memos from other users via the API...
Cross-site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross-site request forgery. The vulnerability exists in the NewServer function in server.go, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious website whil...
Cross-Site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in server.go because the content of uploaded files is not filtered: when an SVG file containing malicious data is uploaded, the payload is triggered when a user accesses...
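Both the unrestricted-upload entry (registerResourcePublicRoutes) and this SVG entry come down to the same failure: a stored file is served inline from the application's origin, so an SVG with a `<script>` or `onload` handler runs as the viewing user. The Go below is an added example for this page, not memos' resource route; the `serveResource` function, the header choices and the sample payloads are all constructed here. It sniffs the body instead of trusting the extension or the declared type, and forces anything SVG-like into a download under a sandboxing CSP while leaving ordinary images untouched.

```go
package main

import (
	"bytes"
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isSVG sniffs the upload body instead of trusting the extension or the
// client-supplied Content-Type. An "<svg" element in the first 512 bytes
// (after optional XML prolog, comments or whitespace) marks active content.
func isSVG(data []byte) bool {
	head := data
	if len(head) > 512 {
		head = head[:512]
	}
	return bytes.Contains(bytes.ToLower(head), []byte("<svg"))
}

// serveResource writes a stored upload the way a hardened public resource
// route should. Browser MIME sniffing is disabled, and anything that is SVG
// by name or by content is sent as a download under a sandboxing CSP, so any
// <script> or on* handler inside it never executes on the application's origin.
// Other types are served with the declared Content-Type as before.
func serveResource(w http.ResponseWriter, filename, declaredType string, data []byte) {
	h := w.Header()
	h.Set("X-Content-Type-Options", "nosniff")
	contentType := declaredType
	if isSVG(data) || strings.HasSuffix(strings.ToLower(filename), ".svg") {
		contentType = "image/svg+xml"
		disp := mime.FormatMediaType("attachment", map[string]string{"filename": filename})
		if disp == "" { // filename could not be encoded safely; still force a download
			disp = "attachment"
		}
		h.Set("Content-Disposition", disp)
		h.Set("Content-Security-Policy", "sandbox; default-src 'none'")
	}
	h.Set("Content-Type", contentType)
	w.Write(data)
}

// probeResource serves an upload into a recorder and returns the three headers
// that decide whether the file can execute script in the viewer's browser.
func probeResource(filename, declaredType string, data []byte) (contentType, disposition, csp string) {
	rec := httptest.NewRecorder()
	serveResource(rec, filename, declaredType, data)
	h := rec.Header()
	return h.Get("Content-Type"), h.Get("Content-Disposition"), h.Get("Content-Security-Policy")
}

func main() {
	// Constructed sample: an "image" upload that is really an SVG carrying script.
	payload := []byte(`<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>`)
	png := []byte("\x89PNG\r\n\x1a\n") // constructed PNG signature only
	cases := []struct {
		name, declared string
		data           []byte
	}{
		{"avatar.png", "image/png", payload},
		{"photo.png", "image/png", png},
	}
	for _, c := range cases {
		ct, disp, csp := probeResource(c.name, c.declared, c.data)
		fmt.Printf("%-10s Content-Type=%q Content-Disposition=%q CSP=%q\n", c.name, ct, disp, csp)
	}
}
```

Serving user uploads from a separate origin (a dedicated static host or bucket) is the stronger fix, because then even inline SVG runs with no access to the application's cookies; the headers above are what to apply when the files must stay on the same host.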