CVE-2023-0109 CRITICAL

CVE-2023-0109: Stored XSS in usememos/memos

Vendor Usememos
Product usememos/memos
Weakness CWE-79 · XSS
Published November 15, 2024
Last update November 15, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

Key dates

02 Disclosure timeline

November 15, 2024 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04 Related CVE