Description
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
References
- Patch
- Exploit
- Exploit, Issue Tracking, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*
EPSS
Percentile: 30%
0.00109
Low
CVSS3: 5.4 Medium
CVSS3: 6.1 Medium
Weaknesses
CWE-79