7 matches found
usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload a file and display it; by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack via the image's direct link. Thi...
GHSA-VWG4-846X-F94V usememos/memos vulnerable to improper authorization
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission...
usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...
GHSA-W57V-6XP4-RM2V usememos/memos vulnerable to account takeover due to improper access control
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control allowing an attacker to take over an account by changing header values in the HTTP request...
GHSA-QCW2-492V-57XJ usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...
GHSA-C8JH-VCJH-FX2W usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload a file and display it; by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack via the image's direct link. Thi...
GHSA-RGJ5-JJ5Q-V3V7 Memos Cross-site Scripting vulnerability
Memos, an open-source, self-hosted memo hub, is vulnerable to stored cross-site scripting (XSS) in versions 0.8.3 and prior. A patch is available and anticipated to be part of version 0.9.0...