Product: Memos (Usememos)

Repositories: Unknown: This might be proprietary software.

#Vulnerabilities 60
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-15 | CVE-2022-25978 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | Memos | 6.1 | | |
| 2024-04-19 | CVE-2024-29029 | memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. | Memos | 6.1 | | |
| 2022-12-19 | CVE-2022-4609 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | Memos | 5.4 | | |
| 2022-12-23 | CVE-2022-4684 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | Memos | 8.8 | | |
| 2022-12-23 | CVE-2022-4683 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | Memos | 6.5 | | |
| 2022-12-23 | CVE-2022-4686 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | Memos | 9.8 | | |
| 2022-12-23 | CVE-2022-4688 | Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | Memos | 8.8 | | |
| 2022-12-23 | CVE-2022-4687 | Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | Memos | 8.1 | | |
| 2022-12-23 | CVE-2022-4689 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | Memos | 8.8 | | |
| 2022-12-23 | CVE-2022-4690 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | Memos | 5.4 | | |