Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Memos
(Usememos)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 58 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-02-15 | CVE-2022-25978 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | Memos | 6.1 | ||
2023-09-18 | CVE-2023-5036 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. | Memos | 8.8 | ||
2023-09-01 | CVE-2023-4696 | Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | Memos | 9.8 | ||
2023-09-01 | CVE-2023-4697 | Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | Memos | 8.8 | ||
2023-09-01 | CVE-2023-4698 | Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | Memos | 7.5 | ||
2022-12-27 | CVE-2022-4734 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. | Memos | 4.3 | ||
2022-12-28 | CVE-2022-4811 | Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | Memos | 5.4 | ||
2022-12-23 | CVE-2022-4686 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | Memos | 9.8 | ||
2022-12-23 | CVE-2022-4683 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | Memos | 6.5 | ||
2022-12-28 | CVE-2022-4808 | Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. | Memos | 8.8 |