CVE-2023-0109

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-0109
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0109.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-0109
Aliases
Related
Published
2024-11-15T11:15:08Z
Modified
2024-11-19T17:42:10.968463Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

References

Affected packages

Git / github.com/usememos/memos

Affected ranges

Type
GIT
Repo
https://github.com/usememos/memos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.2
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.1