CVE-2022-25978

CVSS v3: 5.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

Open-source, self-hosted note-taking tool built for quick capture. Markdown-native, lightweight, and fully yours.