MODERATE

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4849
https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
https://huntr.dev/bounti…

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4847
https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa39…

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4846
https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
https://huntr.dev/bounti…

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4845
https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
https://huntr.dev/bounties…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.9.1.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4841
https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8
https://huntr.dev/bount…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4840
https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8
https://huntr.dev/boun…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4839
https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8
https://huntr.dev/boun…

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4844
https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
https://huntr.dev/bounti…

In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user’s memos page via POST request.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4851
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc…

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted targ…