CVE-2022-25978

Name of the Vulnerable Software and Affected Versions github.com/usememos/memos/server versions prior to 0.11.0

Description The issue is related to Cross-site Scripting (XSS) due to insufficient checks on external resources. This allows malicious actors to introduce links starting with a javascript: scheme, which can be used as part of an XSS attack.

Recommendations For versions prior to 0.11.0, update to version 0.11.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of external resources to minimize the risk of exploitation. Avoid using links starting with the javascript: scheme in the affected application until the issue is resolved.