Headline
CVE-2022-4690
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Related news
GHSA-c8jh-vcjh-fx2w: usememos/memos vulnerable to stored cross-site scripting (XSS)
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 has a feature to upload file and display it, and by uploading a crafted SVG file, an attacker could perform a stored cross-site scripting attack with the image direct link. This was patched in version 0.9.0.