A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.

Affected Packages

Go github.com/usememos/memos

Affected versions: 0 (fixed in 0.10.0)

Related CVEs

CVE-2023-0109

Key Information

GHSA ID

GHSA-5r2g-59px-3q9w

Published

November 15, 2024 12:31 PM

Last Modified

November 19, 2024 8:26 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/usememos/memos

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.