Security Advisory

CVE-2022-25978

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-15 05:00:01

Last updated 2025-03-18 15:45:00

Assigner snyk

State PUBLISHED

Description

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

← Browse all CVEs View on cve.org ↗