{"id":"GHSA-pcvh-px2p-vmxw","summary":"usememos/memos vulnerable to stored Cross-site Scripting","details":"Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.","aliases":["CVE-2023-0107"],"modified":"2023-11-08T04:11:05.702675Z","published":"2023-01-07T06:30:20Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2023-01-07T04:15:00Z","github_reviewed":true,"github_reviewed_at":"2023-01-09T21:54:06Z","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0107"},{"type":"WEB","url":"https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7"},{"type":"PACKAGE","url":"https://github.com/usememos/memos"},{"type":"WEB","url":"https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156"}],"affected":[{"package":{"name":"github.com/usememos/memos","ecosystem":"Go","purl":"pkg:golang/github.com/usememos/memos"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.10.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-pcvh-px2p-vmxw/GHSA-pcvh-px2p-vmxw.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}