{"id":"GHSA-h2ph-9r76-37v5","summary":"usememos/memos vulnerable to stored Cross-site Scripting","details":"Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.","aliases":["CVE-2023-0111","GO-2023-1465"],"modified":"2024-08-20T20:59:12.422529Z","published":"2023-01-07T06:30:19Z","database_specific":{"cwe_ids":["CWE-79"],"github_reviewed":true,"severity":"MODERATE","github_reviewed_at":"2023-01-09T21:52:08Z","nvd_published_at":"2023-01-07T04:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0111"},{"type":"WEB","url":"https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c"},{"type":"PACKAGE","url":"https://github.com/usememos/memos"},{"type":"WEB","url":"https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3"}],"affected":[{"package":{"name":"github.com/usememos/memos","ecosystem":"Go","purl":"pkg:golang/github.com/usememos/memos"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.10.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-h2ph-9r76-37v5/GHSA-h2ph-9r76-37v5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}