2 matches found
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability exists in registerResourceRoutes function at resource.go due to insufficient checks on external resources which allows an attacker to inject and execute arbitrary javascript...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to cross-site scripting. The vulnerability exists in the registerResourceRoutes function in resource.go because memos allow users to upload a file and make it public to others which may allow an attacker to gain access to potentially sensitive information...