All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVSS 6.1, AI Score 5.9, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
CVSS 6.5, AI Score 6.4, EPSS 0.001
CVSS 8.8, AI Score 8.6, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
CVSS 9.8, AI Score 9.4, EPSS 0.002
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
CVSS 8.1, AI Score 8.1, EPSS 0.001
CVSS 8.8, AI Score 8.6, EPSS 0.001
CVSS 8.8, AI Score 8.6, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.1, AI Score 4.5, EPSS 0.001
CVSS 7.5, AI Score 7.4, EPSS 0.001
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.1, AI Score 8.1, EPSS 0.001
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3, AI Score 4.6, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3, AI Score 5.2, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.4, EPSS 0.001
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.4, EPSS 0.001
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3, AI Score 5.2, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.4, AI Score 5.4, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.8, AI Score 8.6, EPSS 0.001
CVSS 5.3, AI Score 5.2, EPSS 0.001
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3, AI Score 4.6, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3, AI Score 5.2, EPSS 0.001
CVSS 4.3, AI Score 4.5, EPSS 0.001
CVSS 8.8, AI Score 8.7, EPSS 0.001
CVSS 8.8, AI Score 8.6, EPSS 0.001
CVSS 4.3, AI Score 4.5, EPSS 0.001
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.
CVSS 8.3, AI Score 5.4, EPSS 0.001
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.4, EPSS 0.001
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3, AI Score 4.5, EPSS 0.001
CVSS 4.3, AI Score 4.5, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.8, AI Score 8.8, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3, AI Score 4.6, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.5, EPSS 0.001
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.3, EPSS 0.001
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.7, AI Score 5.5, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.5, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.5, EPSS 0.001
CVSS 5.3, AI Score 5.2, EPSS 0.001
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5, AI Score 6.4, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS 9, AI Score 8.5, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS 9, AI Score 8.5, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS 5.4, AI Score 5.5, EPSS 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
CVSS 5.4, AI Score 5.3, EPSS 0.001