Vulnerabilities > Usememos > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2022-25978 Cross-site Scripting vulnerability in Usememos Memos
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
network
low complexity
usememos CWE-79
6.1
2023-01-07 CVE-2023-0106 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0107 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0108 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0110 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0111 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2023-01-07 CVE-2023-0112 Cross-site Scripting vulnerability in Usememos Memos
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
network
low complexity
usememos CWE-79
5.4
2022-12-30 CVE-2022-4863 Improper Handling of Insufficient Permissions or Privileges vulnerability in Usememos Memos
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
network
low complexity
usememos CWE-280
6.5
2022-12-28 CVE-2022-4798 Authorization Bypass Through User-Controlled Key vulnerability in Usememos Memos
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
network
low complexity
usememos CWE-639
5.3
2022-12-28 CVE-2022-4799 Authorization Bypass Through User-Controlled Key vulnerability in Usememos Memos
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
network
low complexity
usememos CWE-639
6.5