What the vulnerability does
01Description
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4609
HIGH
CVE-2022-4609: Cross-site Scripting (XSS) - Stored in usememos/memos
CVSS base score
7.6/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H
Key dates
02Disclosure timeline
December 19, 2022
CVE published
April 14, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-11817 Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2024-52502 WordPress ImbaChat plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability
CVE-2021-38134 Possible Reflected and Stored XSS in OpenText iManager
CVE-2025-46501 WordPress Mixcloud Embed plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2022-20959 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
