Lucene search
Veracode Vulnerability DatabaseVERACODE:38745HistoryJan 03, 2023 - 8:47 a.m.
Cross-site Scripting (XSS)
2023-01-0308:47:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
vulnerability
github
cross-site scripting
svg
file uploads
malicious javascript
0.001 Low
EPSS
Percentile
20.3%
github.com/usememos/memos is vulnerable to stored cross-site scripting attacks. When a user uploads a file with .svg extension with direct access, the server response with content-type: image/svg+xml leading to processing SVG as HTML, allowing an attacker to inject malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.8.3 | |
| github.com/usememos/memos | le | v0.8.3 |
Related
github
github
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-27 15:30:19
cve
cve
CVE-2022-4691
2022-12-27 15:15:11
huntr
huntr
Cross-site scripting - Stored via upload `.svg` file in
2022-12-20 11:32:15
prion
prion
Cross site scripting
2022-12-27 15:15:00
osv
osv
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-27 15:30:19
CVE-2022-4691
2022-12-27 15:15:11
nvd
nvd
CVE-2022-4691
2022-12-27 15:15:11
cvelist
cvelist
CVE-2022-4691 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-23 00:00:00