CVE-2022-4690
MEDIUM5.4EPSS 0.26%usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
Published: 12/23/2022Modified: 3/3/2026
Description
usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
Affected packages (2)
- Go/github.com/usememos/memosfrom 0, < 0.9.0
- Go/github.com/usememos/memosfrom 0, < 0.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://github.com/advisories/GHSA-c8jh-vcjh-fx2w
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-4690
- WEBhttps://github.com/usememos/memos
- WEBhttps://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e
- WEBhttps://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
- WEBhttps://github.com/usememos/memos/pull/833
- WEBhttps://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335