Closed
CVE-2022-25978 references [Path is unknown](https://Path is unknown), which may be a Go module.
Description:
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
References:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-25978
- JSON: https://github.com/CVEProject/cvelist/tree/b2a531e678c088a4bcbf44faa8f95f9451512b4c/2022/25xxx/CVE-2022-25978.json
- web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070
- fix: usememos/memos@b11d213
- web: XSS Due to insufficient checks on the external resources usememos/memos#1026
- Imported by: https://pkg.go.dev/Path is unknown?tab=importedby
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
```yaml
modules:
  - module: std
    packages:
      - package: Path is unknown
description: |
    All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
cves:
  - CVE-2022-25978
references:
  - web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070
  - fix: https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8
  - web: https://github.com/usememos/memos/issues/1026
```