Usememos Memos vulnerabilities
58 known vulnerabilities affecting usememos/usememos_memos.
Total CVEs
58
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH13MEDIUM41
Vulnerabilities
Page 2 of 3
CVE-2022-4683P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.02022-12-23
CVE-2022-4683 [MEDIUM] CWE-614 CVE-2022-4683: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos pri
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
nvd
CVE-2022-4849P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.12022-12-29
CVE-2022-4849 [MEDIUM] CWE-352 CVE-2022-4849: Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4850P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.12022-12-29
CVE-2022-4850 [MEDIUM] CWE-352 CVE-2022-4850: Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4811P4MEDIUMCVSS 5.4≥ unspecified, < 0.9.12022-12-28
CVE-2022-4811 [MEDIUM] CWE-639 CVE-2022-4811: Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.
nvd
CVE-2022-4847P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.12022-12-29
CVE-2022-4847 [MEDIUM] CWE-941 CVE-2022-4847: Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos pri
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4800P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.12022-12-28
CVE-2022-4800 [MEDIUM] CWE-940 CVE-2022-4800: Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4846P4MEDIUMCVSS 6.5≥ unspecified, < 0.9.12022-12-29
CVE-2022-4846 [MEDIUM] CWE-352 CVE-2022-4846: Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4802P4MEDIUMCVSS 5.4≥ unspecified, < 0.9.12022-12-28
CVE-2022-4802 [MEDIUM] CWE-639 CVE-2022-4802: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4806P4MEDIUMCVSS 5.3≥ unspecified, < 0.9.12022-12-28
CVE-2022-4806 [MEDIUM] CWE-639 CVE-2022-4806: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4798P4MEDIUMCVSS 5.3≥ unspecified, < 0.9.12022-12-28
CVE-2022-4798 [MEDIUM] CWE-639 CVE-2022-4798: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2023-0109P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02024-11-15
CVE-2023-0109 [MEDIUM] CWE-79 CVE-2023-0109: A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. Th
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as
nvd
CVE-2022-4848P4MEDIUMCVSS 5.7≥ unspecified, < 0.9.12022-12-29
CVE-2022-4848 [MEDIUM] CWE-940 CVE-2022-4848: Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2023-0106P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0106 [MEDIUM] CWE-79 CVE-2023-0106: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0112P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0112 [MEDIUM] CWE-79 CVE-2023-0112: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0108P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0108 [MEDIUM] CWE-79 CVE-2023-0108: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0107P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0107 [MEDIUM] CWE-79 CVE-2023-0107: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0110P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0110 [MEDIUM] CWE-79 CVE-2023-0110: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2023-0111P4MEDIUMCVSS 5.4≥ unspecified, < 0.10.02023-01-07
CVE-2023-0111 [MEDIUM] CWE-79 CVE-2023-0111: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
nvd
CVE-2022-4801P4MEDIUMCVSS 5.3≥ unspecified, < 0.9.12022-12-28
CVE-2022-4801 [MEDIUM] CWE-1220 CVE-2022-4801: Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
nvd
CVE-2022-4839P4MEDIUMCVSS 5.4≥ unspecified, < 0.9.12022-12-29
CVE-2022-4839 [MEDIUM] CWE-79 CVE-2022-4839: Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
nvd