CVE-2023-0109 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-0109 PUBLISHED CVSS 9.8 CRITICAL

Reported by @huntr_ai · Published November 15, 2024

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

Risk Scores

CVSS v3.0

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
usememos	usememos/memos	unspecified
github.com	usememos/memos	0, 0
usememos	usememos/memos	unspecified, unspecified
usememos	memos	0, 0

Timeline

Nov 15, 2024 CVE Published
Nov 16, 2024 EPSS Score
Nov 19, 2024 CVE Updated
Dec 4, 2024 EPSS Score
Dec 21, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 24, 2025 EPSS Score
Feb 10, 2025 EPSS Score
Feb 27, 2025 EPSS Score
Mar 16, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 19, 2025 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0109 advisory
https://github.com/advisories/GHSA-5r2g-59px-3q9w advisory
https://github.com/usememos/memos url

Open in Interactive Console →