CVE-2022-4690

Name of the Vulnerable Software and Affected Versions usememos/memos versions prior to 0.9.0

Description The issue is related to stored Cross-site Scripting (XSS) in the usememos/memos GitHub repository. This repository is for an open-source, self-hosted memo hub that includes knowledge management and socialization features. The vulnerability can be exploited by uploading a crafted SVG file, which allows an attacker to perform a stored cross-site scripting attack using the image's direct link.

Recommendations For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files or disabling the feature to display uploaded files until the update can be applied.