Описание
Cross Site Scripting in usememos/memos
All versions of the package github.com/usememos/memos/server prior to 0.11.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
Пакеты
Наименование
github.com/usememos/memos
go
Затронутые версииВерсия исправления
< 0.10.4-0.20230211093429-b11d2130a084
0.10.4-0.20230211093429-b11d2130a084
Связанные уязвимости
CVSS3: 5.4
nvd
почти 3 года назад
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.