Memos Vulnerability List
11 vulnerabilities related to Memos found
CVE-2025-50738: Memos < 0.25.0 - Stored Cross-Site Scripting POC
An authenticated attacker can upload a specially crafted SVG file containing JavaScript code to Memos versions prior to 0.25.0, leading to a stored cross-site scripting (XSS) vulnerability.
CVE-2024-29028: Memos 0.13.2 - Server-Side Request Forgery POC
SSRF vulnerabilities exist in the memos API service `/o/get/httpmeta` that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the administrator account.
CVE-2024-29029: Memos 0.13.2 - Cross-Site Scripting & SSRF POC
An SSRF vulnerability exists at `/o/get/image` that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.
CVE-2024-29030: Memos 0.13.2 - Server-Side Request Forgery POC
An SSRF vulnerability exists at `/api/resource` that allows authenticated users to enumerate the internal network.
CVE-2025-22952: Elestio Memos <= v0.24.0 - Server-Side Request Forgery POC
Elestio Memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
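Elestio Memos v0.23.0 SSRF vulnerability (CVE-2025-22952) No POC
Elestio Memos is a managed service provided by Elestio for one-click deployment and running of the open-source project Memos (a lightweight self-hosted note-taking tool). Elestio Memos v0.23.0 is vulnerable to server-side request forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.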