2 matches found
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in registerResourcePublicRoutes function at resource.go because the resources upload feature does not restrict the type of uploaded file, allowing an attacker to inject and execute arbitrary...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the registerResourcePublicRoutes function of resource.go, which allows an attacker to inject and execute malicious javascript by uploading a malicious pdf...