Metrics
Affected Vendors & Products
Thu, 04 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 04 Sep 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Usememos
Usememos memos |
|
Vendors & Products |
Usememos
Usememos memos |
Wed, 03 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Wed, 03 Sep 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XSS is viewed by an admin. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-04T14:27:45.512Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-56761

Updated: 2025-09-03T17:09:37.855Z

Status : Awaiting Analysis
Published: 2025-09-03T17:15:34.410
Modified: 2025-09-04T15:35:29.497
Link: CVE-2025-56761

No data.

Updated: 2025-09-04T13:12:14Z