CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (Percentile: 24.3%)

memos is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient checks in the /o/get/image?url= endpoint, which is used to fetch external images. An attacker can exploit this to fetch a malicious external image, such as an SVG file, and execute malicious JavaScript on the client side.
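
One way an image-fetching endpoint can refuse this kind of content, shown as an added example that is not memos code and not the project's actual fix: sniff the fetched bytes, serve only an allowlist of raster types (so SVG is rejected), and set headers that stop the browser from re-interpreting the body. The function names, the allowlist and the sample bodies are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Assumed allowlist: raster formats only. image/svg+xml is deliberately
// absent because SVG is XML that a browser may run script from.
var allowedImageTypes = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true, "image/webp": true,
}

var ErrNotRasterImage = errors.New("body is not an allowed raster image")

// SafeImageType ignores whatever Content-Type the upstream server declared
// and classifies the body by its leading bytes (at most 512 are inspected).
func SafeImageType(body []byte) (string, error) {
	sniffed := http.DetectContentType(body)
	mediaType := strings.TrimSpace(strings.SplitN(sniffed, ";", 2)[0])
	if !allowedImageTypes[mediaType] {
		return "", fmt.Errorf("%w: sniffed %q", ErrNotRasterImage, mediaType)
	}
	return mediaType, nil
}

// WriteProxiedImage relays body only when it is an allowed raster image.
func WriteProxiedImage(w http.ResponseWriter, body []byte) error {
	ct, err := SafeImageType(body)
	if err != nil {
		http.Error(w, "unsupported image type", http.StatusUnsupportedMediaType)
		return err
	}
	h := w.Header()
	h.Set("Content-Type", ct)                  // our verdict, not the upstream's
	h.Set("X-Content-Type-Options", "nosniff") // browser must not second-guess it
	h.Set("Content-Security-Policy", "default-src 'none'; sandbox")
	_, err = w.Write(body)
	return err
}

func main() {
	// Constructed sample bodies, not captured traffic.
	png := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	svg := []byte(`<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>`)
	for _, b := range [][]byte{png, svg} {
		ct, err := SafeImageType(b)
		fmt.Printf("type=%q err=%v\n", ct, err)
	}
}
```
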

CPE Name | Operator | Version |
---|---|---|
github.com/usememos/memos | le | 0.15.0 |