Stored XSS in Search in usememos/memos

Valid

Reported on Dec 21st 2022


Description

Stored XSS is a type of XSS that stores malicious code on the application. The demo website is affected by it.

Proof of Concept

#1. Access the demo website https://demo.usememos.com/

#2. At "Any thoughts....", write an XSS payload and save it. In this scenario, I used the payload: "><img src=x onerror=alert("XSS")>

#3. Now, in the search bar, just type "> (or any character in the payload) and the payload will be triggered.

Link: https://drive.google.com/file/d/1OfyG91RtpV-_rUanDrWiTbStjf0X7QJN/view?usp=sharing

Impact

An attacker would be able to steal a user's cookies.
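
The pattern behind this report, as an added example that is not code from usememos/memos or from the reporter. It assumes the search view wraps matches in a highlight tag and inserts the result as HTML; the function names and the `<mark>` tag are hypothetical, and the sample memo is the payload from step #2.

```javascript
// Added illustration, not the project's code. Assumption: search results are
// rendered by wrapping each match in <mark> and assigning the string as HTML.

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can change HTML parsing context.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Treat the search query as a literal string, never as a regex pattern.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Unsafe: the stored memo text is spliced into markup without encoding, so any
// tag saved in the memo becomes live markup once a search re-renders it.
function highlightUnsafe(memo, query) {
  if (!query) return memo;
  const re = new RegExp(escapeRegExp(query), "gi");
  return memo.replace(re, (match) => `<mark>${match}</mark>`);
}

// Hardened: split the raw text on matches first, encode every fragment, and
// only then add the highlight tags. Encoding before matching would break
// queries such as "> because the text would no longer contain them.
function highlightSafe(memo, query) {
  if (!query) return escapeHtml(memo);
  const re = new RegExp(`(${escapeRegExp(query)})`, "gi");
  return memo
    .split(re) // capture group: odd indexes hold the matched fragments
    .map((part, i) => (i % 2 === 1 ? `<mark>${escapeHtml(part)}</mark>` : escapeHtml(part)))
    .join("");
}

// Sample input: the memo text and search query from the report's steps #2 and #3.
const storedMemo = '"><img src=x onerror=alert("XSS")>';
const searchQuery = '">';

console.log("unsafe:", highlightUnsafe(storedMemo, searchQuery));
console.log("safe:  ", highlightSafe(storedMemo, searchQuery));
```

In a component framework the same result comes from rendering the fragments as text nodes instead of building an HTML string at all.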

We are processing your report and will contact the usememos/memos team within 24 hours. 19 days ago
Chuu modified the report 19 days ago
We have contacted a member of the usememos/memos team and are waiting to hear back 18 days ago
STEVEN validated this vulnerability 17 days ago
Chuu has been awarded the disclosure bounty
The fix bounty is now up for grabs
STEVEN marked this as fixed in 0.9.0 with commit 65cc19 17 days ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 17 days ago