Go modules package
github.com/usememos/memos
pkg:golang/github.com/usememos/memos
Vulnerabilities (74)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25978 | Med | 5.4 | < 0.10.4-0.20230211093429-b11d2130a084 | 0.10.4-0.20230211093429-b11d2130a084 | Feb 15, 2023 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | |
| CVE-2023-0112 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2023-0111 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2023-0110 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2023-0108 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2023-0107 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2023-0106 | Med | 5.4 | < 0.10.0 | 0.10.0 | Jan 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |
| CVE-2022-4866 | Cri | 9.0 | < 0.9.1 | 0.9.1 | Dec 31, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4865 | Cri | 9.0 | < 0.9.1 | 0.9.1 | Dec 31, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4863 | Med | 6.5 | < 0.9.1 | 0.9.1 | Dec 30, 2022 | Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4851 | Med | 5.3 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4850 | Med | 6.5 | <= 0.9.0 | — | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4849 | Med | 6.5 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4848 | Med | 5.7 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4847 | Med | 6.5 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4846 | Med | 6.5 | <= 0.9.0 | — | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4845 | Med | 4.3 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4844 | Hig | 8.8 | <= 0.9.0 | — | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4841 | Med | 5.4 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4840 | Med | 5.4 | < 0.9.1 | 0.9.1 | Dec 29, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. |
- affected < 0.10.4-0.20230211093429-b11d2130a084fixed 0.10.4-0.20230211093429-b11d2130a084
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.10.0fixed 0.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
- affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
- affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
- affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- affected <= 0.9.0
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
- affected < 0.9.1fixed 0.9.1
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Page 2 of 4