github.com/usememos/memos is vulnerable to cross site scripting. The vulnerability exists in the NewServer
function of server.go
because of a image direct link due to improper user-input sanitization by uploading a malicious svg file.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/usememos/memos | le | v0.8.3 | |
github.com/usememos/memos | le | v0.8.3 |