4nuxd
_
sec·ops
Home
About
Writeups
News
Tools
Resources
Database
[Connect]
CVE
-
2022
-
4865
CRITICAL
9.0
/ 10.0
Share:
Published:
December 31, 2022 at 09:15 AM
Modified:
November 21, 2024 at 07:36 AM
Source:
security@huntr.dev
Vulnerability Description
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
CVSS Metrics
Base Score
9.0
Severity
CRITICAL
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-79
Source: security@huntr.dev
References & Intelligence
https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc
Source: security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be
Source: security@huntr.dev
Exploit
Third Party Advisory
https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Related Resources
Browse CVE Database
Search 294,000+ vulnerabilities
CVEs from 2022
View all vulnerabilities this year
CWE Database
Explore weakness categories
Security Writeups
Learn from real-world examples
About 4nuxd
Cybersecurity research & tools
Homepage
Explore more security resources