boojack

55 exploits, active since Dec 2022
CVE-2022-25978 WRITEUP MEDIUM
github.com/usememos/memos/server - XSS
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
CVSS 5.4
CVE-2022-4683 WRITEUP MEDIUM
GitHub usememos/memos <0.9.0 - Info Disclosure
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
CVSS 6.5
CVE-2022-4684 WRITEUP HIGH
usememos/memos <0.9.0 - Info Disclosure
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVSS 8.8
CVE-2022-4686 WRITEUP CRITICAL
GitHub repository usememos/memos <0.9.0 - Auth Bypass
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
CVSS 9.8
CVE-2022-4687 WRITEUP HIGH
usememos/memos <0.9.0 - Privilege Escalation
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
CVSS 8.1
CVE-2022-4688 WRITEUP HIGH
usememos/memos <0.9.0 - Info Disclosure
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.
CVSS 8.8
CVE-2022-4689 WRITEUP HIGH
usememos/memos <0.9.0 - Info Disclosure
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVSS 8.8
CVE-2022-4690 WRITEUP MEDIUM
usememos/memos <0.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4
CVE-2022-4691 WRITEUP MEDIUM
usememos/memos <0.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4
CVE-2022-4692 WRITEUP MEDIUM
usememos/memos <0.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4
CVE-2022-4694 WRITEUP MEDIUM
usememos/memos <0.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4
CVE-2022-4695 WRITEUP MEDIUM
usememos/memos <0.9.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVSS 5.4
CVE-2022-4734 WRITEUP HIGH
GitHub usememos/memos <0.9.1 - Info Disclosure
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.1
CVE-2022-4767 WRITEUP HIGH
Memos < 0.9.1 - Denial of Service
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
CVSS 7.5
CVE-2022-4796 WRITEUP HIGH
usememos/memos <0.9.1 - Privilege Escalation
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.1
CVE-2022-4797 WRITEUP MEDIUM
Memos < 0.9.1 - Brute Force
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3
CVE-2022-4798 WRITEUP MEDIUM
Memos < 0.9.1 - IDOR
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3
CVE-2022-4799 WRITEUP MEDIUM
Memos < 0.9.1 - IDOR
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5
CVE-2022-4800 WRITEUP MEDIUM
GitHub usememos/memos <0.9.1 - Info Disclosure
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVSS 6.5
CVE-2022-4801 WRITEUP MEDIUM
GitHub usememos/memos <0.9.1 - Info Disclosure
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3
CVE-2022-4802 WRITEUP MEDIUM
GitHub usememos/memos <0.9.1 - Auth Bypass
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.4
CVE-2022-4803 WRITEUP HIGH
usememos/memos <0.9.1 - Auth Bypass
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 8.8
CVE-2022-4804 WRITEUP MEDIUM
usememos/memos <0.9.1 - Info Disclosure
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3
CVE-2022-4805 WRITEUP MEDIUM
usememos/memos <0.9.1 - Privilege Escalation
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
CVSS 4.3
CVE-2022-4806 WRITEUP MEDIUM
GitHub usememos/memos <0.9.1 - Auth Bypass
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
CVSS 5.3