CVE-2022-4866: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 31, 2022 (updated January 4, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

References

github.com/advisories/GHSA-x9p9-v3x6-68mq
github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc
huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff
nvd.nist.gov/vuln/detail/CVE-2022-4866

Code Behaviors & Features

Detect and mitigate CVE-2022-4866 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →