Stored XSS via markdown link in usememos/memos

Valid

Reported on

Jan 5th 2023


Description

The Markdown editor doesn't sanitize user input, which leads to stored XSS.

Proof of Concept

[a](javascript:window.onerror=alert`poc`;throw%201)

Reproduce

1. Log in to https://demo.usememos.com/

2. Create a new memo with the content

[a](javascript:window.onerror=alert`poc`;throw%201)

3. Ctrl+left click this link; the JavaScript code is executed.

Impact

Injection of malicious content, phishing, session hijacking.
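
A scheme allowlist applied to Markdown link targets before they reach an `href` leaves the payload above as inert text. This is an added example, not code from the report and not the usememos/memos fix; `safeHref`, `renderLinks`, the allowlist and the placeholder base URL are assumptions made for illustration.

```javascript
// Added example, not code from usememos/memos.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Constructed base, used only so relative targets can be parsed.
const BASE = new URL("https://placeholder.invalid/");

// Returns a safe href string, or null when the target must not become a link.
function safeHref(raw) {
  let parsed;
  try {
    // The WHATWG parser lower-cases the scheme and drops tabs, newlines and
    // leading control characters, as a browser does before navigation.
    parsed = new URL(String(raw), BASE);
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  // Relative targets come back resolved against the site root.
  return parsed.origin === BASE.origin
    ? parsed.pathname + parsed.search + parsed.hash
    : parsed.href;
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Renders inline [text](target) links; everything else is emitted as escaped text.
function renderLinks(markdown) {
  const link = /\[([^\]]*)\]\(([^)\s]*)\)/g;
  let out = "";
  let last = 0;
  for (const m of markdown.matchAll(link)) {
    const href = safeHref(m[2]);
    out += escapeHtml(markdown.slice(last, m.index));
    out += href === null
      ? escapeHtml(m[0]) // rejected scheme: keep the source text inert
      : `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(m[1])}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// The report's PoC stays plain text; an https link is rendered.
console.log(renderLinks("[a](javascript:window.onerror=alert`poc`;throw%201)"));
console.log(renderLinks("[demo](https://demo.usememos.com/)"));
```

The returned string is meant to be assigned through the DOM or an attribute-escaping template, as `renderLinks` does, not concatenated into HTML unescaped.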

We are processing your report and will contact the usememos/memos team within 24 hours. 4 months ago
We have contacted a member of the usememos/memos team and are waiting to hear back 4 months ago
STEVEN validated this vulnerability 4 months ago
Domiee13 has been awarded the disclosure bounty
Domiee13
4 months ago

Researcher


@admin can you assign a CVE for this vulnerability, please?

STEVEN marked this as fixed in 0.10.0 with commit 0f8ce3 4 months ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 4 months ago