CVE-2022-4695 HIGH

CVE-2022-4695: Cross-site Scripting (XSS) - Stored in usememos/memos

Vendor Usememos
Product usememos/memos
Weakness CWE-79 · XSS
Published December 23, 2022
Last update April 9, 2025
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

Key dates

02Disclosure timeline

December 23, 2022 CVE published
April 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-4697 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-0519 Cross-site Scripting (XSS) - Stored in modoboa/modoboa CVE-2020-1673 Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. CVE-2025-6068 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting