Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository usememos/memos prior to 0.9.0.
Usememos
CVE-2022-25978
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVE-2023-0106
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0112
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0111
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0110
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.