
6 matches found

OSV
added 2024/08/05 9:29 p.m. | 6 views

GHSA-6FCF-G3MP-XJ2X memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...

CVSS 5.8 | AI score 5.4 | EPSS 0.06061
Exploits: 1 | References: 4

Veracode
added 2024/04/22 7:18 a.m. | 12 views

Server Side Request Forgery

github.com/usememos/memos is vulnerable to Server Side Request Forgery. The vulnerability is due to improper input validation at the /o/get/httpmeta endpoint in the file httpgetter.go, allowing unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form...

CVSS 5.8 | AI score 7 | EPSS 0.06061
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/04/19 3:14 p.m. | 14 views

CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...

CVSS 5.8 | AI score 5.7 | EPSS 0.06061
Exploits: 1 | References: 4

Cvelist
added 2024/04/19 3:14 p.m. | 13 views

CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...

CVSS 5.8 | AI score 5.7 | EPSS 0.06061
Exploits: 1 | References: 2

Veracode
added 2021/03/02 2:39 a.m. | 21 views

Cross-site Scripting (XSS)

docsify is vulnerable to cross-site scripting (XSS). The vulnerability exists because HTML values from remote URLs found in the sidebar are not sanitized, and the isExternalurl check on the value of the URL can be bypassed with more / characters...

CVSS 8.6 | AI score 1 | EPSS 0.00463
Exploits: 5 | References: 7 | Affected Software: 1

CNNVD
added 2020/11/23 12:00 a.m. | 2 views

Scratch Addons Cross-Site Scripting Vulnerability

Scratch Addons is a plugin from the Scratch Addons community that provides theme-changing functionality for browsers. The addon supports Chrome and Firefox browsers. A cross-site scripting vulnerability exists in Scratch Addons, which stems from the use of incorrect regular expressions, which can...

CVSS 7.6 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 5