Total
58 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4802 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 5.4 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4809 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4799 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4806 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 5.3 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4803 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 8.8 HIGH |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4767 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 7.5 HIGH |
Denial of Service in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4812 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2023-0111 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |||||
CVE-2022-4848 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 5.7 MEDIUM |
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4683 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 6.5 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4865 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 9.0 CRITICAL |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4845 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2023-0106 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | |||||
CVE-2022-4688 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 8.8 HIGH |
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4814 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4797 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 4.3 MEDIUM |
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4800 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-25978 | 1 Usememos | 1 Memos | 2024-02-28 | N/A | 6.1 MEDIUM |
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. |