CVE-2022-4840 HIGH

CVE-2022-4840: Cross-site Scripting (XSS) - Stored in usememos/memos

Vendor Usememos

Product usememos/memos

Weakness CWE-79 · XSS

Published December 29, 2022

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

Key dates

02Disclosure timeline

December 29, 2022 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4840 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-8729 Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting CVE-2024-11973 Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters CVE-2026-31914 WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability CVE-2025-58920 WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-4273 Essential Real Estate <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode