Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CWE-79
CVE-2023-0110
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0111
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0112
Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.10.0.
CVE-2023-0125
A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.
CVE-2023-0143
The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.