github.com/usememos/memos is vulnerable to cross-site request forgery (CSRF). The vulnerability exists in the NewServer function in server.go. An attacker can trick an authenticated user into clicking a malicious link or visiting a malicious website while logged in, and so perform actions on the victim's behalf, such as creating or modifying memos.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/usememos/memos | le | v0.9.0 |
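
As a defensive illustration of the CSRF exposure described above, the following added example (not memos code and not the project's fix) applies a guard inside a server constructor using only Go's standard library. The names `csrfGuard`, `newServer` and `status`, the `csrf_token` cookie, the `X-CSRF-Token` header, the `/api/memo` route and the `memos.example` host are assumptions, and the token is assumed to have been issued to the browser at login.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// csrfGuard (hypothetical, not memos code): state-changing requests need a same-host
// Origin (when sent) and an X-CSRF-Token header equal to the csrf_token cookie.
func csrfGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		o, h := r.Header.Get("Origin"), r.Header.Get("X-CSRF-Token")
		c, cerr := r.Cookie("csrf_token")
		u, perr := url.Parse(o)
		mutating := r.Method != http.MethodGet && r.Method != http.MethodHead && r.Method != http.MethodOptions
		switch {
		case mutating && o != "" && (perr != nil || u.Host != r.Host):
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
		case mutating && (cerr != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(h)) != 1):
			http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
		default:
			next.ServeHTTP(w, r)
		}
	})
}

// newServer wraps every route in the guard at construction time (route is a placeholder).
func newServer() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/memo", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	return csrfGuard(mux)
}

// status replays a constructed request whose cookie jar holds csrf_token=t0k.
func status(method, origin, token string) int {
	r := httptest.NewRequest(method, "http://memos.example/api/memo", nil)
	r.Header.Set("Origin", origin)
	r.Header.Set("Cookie", "csrf_token=t0k") // the browser attaches cookies automatically
	r.Header.Set("X-CSRF-Token", token)      // only same-origin script can read and echo it
	w := httptest.NewRecorder()
	newServer().ServeHTTP(w, r)
	return w.Code
}

func main() {
	fmt.Println(status("POST", "https://evil.example", ""), status("POST", "http://memos.example", "t0k")) // 403 200
}
```

The guard depends on state changes never being reachable through GET, and in deployment the session cookie should also be set with the SameSite attribute.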