Stored XSS via markdown link in usememos/memos


Reported on Jan 5th 2023


The Markdown editor doesn't sanitize the user's input, which leads to stored XSS.

Proof of Concept



1. Log in to

2. Create a new memo with content

3. Ctrl+left click this link; the JavaScript code has been executed


injects malicious content, phishing, session hijacking
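
A renderer closes this class of bug by allowlisting URL schemes before a markdown link target becomes an `href`. The sketch below is an added example, not code from the report or from the usememos/memos fix; the function names, the allowlist and the sample memo are assumptions.

```javascript
// Added example: scheme allowlist for markdown link targets.
// Names and the allowlist are assumptions, not code from usememos/memos.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Escape text for HTML text nodes and double-quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Return a safe href, or null if the target must not become a link.
function safeHref(raw) {
  // Browsers drop tab/CR/LF anywhere and trim leading/trailing C0 controls
  // and spaces before parsing a URL, so normalize the same way first.
  const url = String(raw)
    .replace(/[\t\r\n]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
  // A scheme is ALPHA *(ALPHA / DIGIT / "+" / "-" / ".") followed by ":".
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase()) ? url : null;
  // No valid scheme: treat as relative, but reject odd targets that still
  // carry a colon before the first "/", "?" or "#".
  return /^[^/?#]*:/.test(url) ? null : url;
}

// Render one markdown link [text](target) to HTML.
function renderLink(text, target) {
  const href = safeHref(target);
  // Rejected target: keep the label as inert text instead of a link.
  if (href === null) return `<span>${escapeHtml(text)}</span>`;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Replace every [text](target) in a memo body; all other text is escaped.
function renderMemo(md) {
  const LINK = /\[([^\]]*)\]\(([^)]*)\)/g;
  let out = "", last = 0, m;
  while ((m = LINK.exec(md)) !== null) {
    out += escapeHtml(md.slice(last, m.index)) + renderLink(m[1], m[2]);
    last = LINK.lastIndex;
  }
  return out + escapeHtml(md.slice(last));
}

// Constructed sample memo: one ordinary link, one script-scheme link.
const sample = "see [docs](https://example.com/?a=1&b=2) & [x](javascript:void 0)";
console.log(renderMemo(sample));
```

The check runs on the normalized target, so mixed-case schemes and schemes split by tabs or newlines are rejected the same way as the plain form.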

We are processing your report and will contact the usememos/memos team within 24 hours. 4 days ago
We have contacted a member of the usememos/memos team and are waiting to hear back 3 days ago
STEVEN validated this vulnerability 3 days ago
Domiee13 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
3 days ago


@admin can you assign a CVE for this vulnerability, please?

STEVEN marked this as fixed in 0.10.0 with commit 0f8ce3 3 days ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 3 days ago