CVE-2022-4845
Published 2022-12-29
CVE-2022-4845: Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Priority P4 · 17 · medium · 4.3 · CVSS 3.1
AV:N AC:L PR:N UI:R S:U C:N I:L A:N
EPSS
0.26%
17.1th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.1 | 0.9.1 |
| usememos | memos | < 0.9.1 | 0.9.1 |
| usememos | usememos_memos | >= unspecified < 0.9.1 | 0.9.1 |
CVSS provenance
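| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 6.7 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H |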
OSV
usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
osv·2024-08-21
CVE-2022-4845 usememos/memos Cross-Site Request Forgery vulnerability in github.com/usememos/memos
GHSA
usememos/memos Cross-Site Request Forgery vulnerability
ghsa·2022-12-29
CVE-2022-4845 [MEDIUM] CWE-352 usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1
OSV
usememos/memos Cross-Site Request Forgery vulnerability
osv·2022-12-29
CVE-2022-4845 [MEDIUM] usememos/memos Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1
No detection rules found.
Nuclei
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-0212 [MEDIUM] WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
WordPress Spider Calendar =1.5.66) or apply the vendor-supplied patch to fix the XSS vulnerability.
```yaml
reference:
  - https://wpscan.com/vulnerability/15be2d2b-baa3-4845-82cf-3c351c695b47
  - https://wordpress.org/plugins/spider-event-calendar/
  - https://nvd.nist.gov/vuln/detail/CVE-2022-0212
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  cvss-score: 6.1
  cve-id: CVE-2022-0212
  cwe-id: CWE-79
  epss-score: 0.01943
  epss-percentile: 0.83432
  cpe: cpe:2.3:a:10web:spidercalendar:*:*:*:*:*:wordpress:*:*
metadata:
  verified: true
  max-request: 1
  vendor: 10web
  product: spidercalendar
  framework: wordpress
tags: cve2022,cve,xss,wpscan,wordpress,wp-plugin,wp,spider-event-calendar,unauthenticated,10web,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=window&
```
No writeups or analysis indexed.
2022-12-29
Published