CVE-2022-4865: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 31, 2022 (updated January 4, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

References

github.com/advisories/GHSA-8w5q-5fpq-v4pm
github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc
huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be
nvd.nist.gov/vuln/detail/CVE-2022-4865

Code Behaviors & Features

Detect and mitigate CVE-2022-4865 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →