Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Stored XSS using two files in usememos/memos
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.
Permalink: https://github.com/advisories/GHSA-5r2g-59px-3q9w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 days ago
Updated: 1 day ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-5r2g-59px-3q9w, CVE-2023-0109
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-0109
- https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c
- https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e
- https://pkg.go.dev/vuln/GO-2024-3274
- https://github.com/advisories/GHSA-5r2g-59px-3q9w
Blast Radius: 1.0
Affected Packages
go:github.com/usememos/memos
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 0.10.0
Fixed in: 0.10.0
All affected versions: 0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1
All unaffected versions: 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.19.1, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5