Vulnerabilities > Usememos

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2023-0109 Cross-site Scripting vulnerability in Usememos Memos 0.9.1
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1.
network
low complexity
usememos CWE-79
5.4
2023-09-18 CVE-2023-5036 Cross-Site Request Forgery (CSRF) vulnerability in Usememos Memos
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
network
low complexity
usememos CWE-352
8.8
2023-09-01 CVE-2023-4696 Improper Access Control vulnerability in Usememos Memos
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
network
low complexity
usememos CWE-284
critical
9.8
2023-09-01 CVE-2023-4697 Improper Privilege Management vulnerability in Usememos Memos
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
network
low complexity
usememos CWE-269
8.8
2023-09-01 CVE-2023-4698 Improper Input Validation vulnerability in Usememos Memos
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
network
low complexity
usememos CWE-20
7.5
2023-02-15 CVE-2022-25978 Cross-site Scripting vulnerability in Usememos Memos
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
network
low complexity
usememos CWE-79
6.1
2023-01-07 CVE-2023-0106 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0107 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0108 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0110 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4