Lucene search
Veracode Vulnerability DatabaseVERACODE:38732HistoryJan 02, 2023 - 5:37 p.m.
Cross-site Scripting (XSS)
2023-01-0217:37:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
vulnerable
stored
http responses
untrusted source
user session
0.001 Low
EPSS
Percentile
34.3%
github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. When the application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way, it allows an attacker to hijack the user’s session and take over the account…
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.9.0 | |
| github.com/usememos/memos | le | v0.9.0 |
Related
cvelist
cvelist
CVE-2022-4866 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-31 00:00:00
prion
prion
Cross site scripting
2022-12-31 09:15:00
huntr
huntr
Bypassing filters to trigger XSS while creating memos
2022-12-29 17:57:00
cve
cve
CVE-2022-4866
2022-12-31 09:15:11
nvd
nvd
CVE-2022-4866
2022-12-31 09:15:11
osv
osv
CVE-2022-4866
2022-12-31 09:15:11
usememos/memos vulnerable to Cross-site Scripting
2022-12-31 09:30:42
github
github
usememos/memos vulnerable to Cross-site Scripting
2022-12-31 09:30:42