Lucene search
Veracode Vulnerability DatabaseVERACODE:38688HistoryDec 30, 2022 - 8:06 a.m.
Cross-site Request Forgery (CSRF)
2022-12-3008:06:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
cross-site request forgery
newserver function
github.com/usememos/memos
csrf attack
authenticated users
malicious link
malicious website
create memos
modify memos
software
0.001 Low
EPSS
Percentile
29.6%
github.com/usememos/memos is vulnerable to cross site request forgery. The vulnerability exists in the NewServer function in server.go, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious website while they are logged in, and perform actions on behalf of the victim, such as creating or modifying memos.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.9.0 | |
| github.com/usememos/memos | le | v0.9.0 |
Related
cve
cve
CVE-2022-4850
2022-12-29 18:15:10
osv
osv
CVE-2022-4850
2022-12-29 18:15:10
usememos/memos Cross-Site Request Forgery vulnerability
2022-12-29 18:30:24
nvd
nvd
CVE-2022-4850
2022-12-29 18:15:10
github
github
usememos/memos Cross-Site Request Forgery vulnerability
2022-12-29 18:30:24
prion
prion
Cross site request forgery (csrf)
2022-12-29 18:15:00
cvelist
cvelist
CVE-2022-4850 Cross-Site Request Forgery (CSRF) in usememos/memos
2022-12-29 00:00:00
huntr
huntr
Cross Site Request Forgery in Create a Memo Functionality (POST /api/memo)
2022-12-27 15:38:00
cnvd
cnvd
memos cross-site request forgery vulnerability (CNVD-2023-04536)
2023-01-03 00:00:00