Kahla

**Name of the Vulnerable Software and Affected Versions** github.com/usememos/memos/server versions prior to 0.11.0 **Description** The issue is related to Cross-site Scripting (XSS) due to insufficient checks on external resources. This allows malicious actors to introduce links starting with a `javascript:` scheme, which can be used as part of an XSS attack. **Recommendations** For versions prior to 0.11.0, update to version 0.11.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of external resources to minimize the risk of exploitation. Avoid using links starting with the `javascript:` scheme in the affected application until the issue is resolved.