Lucene search
Veracode Vulnerability DatabaseVERACODE:38667HistoryDec 27, 2022 - 7:54 a.m.
Cross-Site Scripting (XSS)
2022-12-2707:54:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
github.com/usememos/memos
server.go
svg files
vulnerability
uploaded files
0.001 Low
EPSS
Percentile
20.3%
github.com/usememos/memos is vulnerability to Cross-Site Scripting (XSS). The vulnerability exists in server.go because when a svg file containing malicious data is uploaded it will not filter the content of the uploaded files and will be triggered when the user accesses.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.8.3 | |
| github.com/usememos/memos | le | v0.8.3 |
Related
cve
cve
CVE-2022-4692
2022-12-23 20:15:20
osv
osv
CVE-2022-4692
2022-12-23 20:15:20
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-23 21:30:18
nvd
nvd
CVE-2022-4692
2022-12-23 20:15:20
github
github
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-23 21:30:18
huntr
huntr
XSS by uploading svg files
2022-12-20 14:45:35
veracode
veracode
Cross-site Scripting (XSS)
2023-01-03 09:05:48
cvelist
cvelist
CVE-2022-4692 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-23 00:00:00
prion
prion
Cross site scripting
2022-12-23 20:15:00