PT-2025-35797 · Memos · Memos

Yaniv Nizry

Published

2025-09-03

Updated

2025-09-22

CVE-2025-56761

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Memos version 0.22

Description Memos version 0.22 is susceptible to Stored Cross-Site Scripting (XSS) through the upload attachment and user avatar features. The software does not validate the content type of uploaded data before serving it, potentially allowing an authenticated attacker to elevate privileges when the stored XSS is viewed by an administrator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-56761

GHSA-CGRG-86M5-XM4W

GO-2025-3937

OPENSUSE-SU-2025:15538-1

SUSE-SU-2025:03289-1

Affected Products

Memos

PT-2025-35797 · Memos · Memos

CVE-2025-56761

Weakness Enumeration

Related Identifiers

Affected Products

References · 51