Stored XSS while creating a new post in usememos/memos
Dec 27th 2022
After logging in to the portal, create a new post and enter the following text containing the XSS payload.
Proof of Concept
- Log in to the portal.
- Create a post with the XSS payload.
- Save it.
<iframe srcdoc='<body onload=prompt(99)>'>>#09;>&
If exploited, this vulnerability could allow an attacker to steal sensitive information, such as login credentials, from users visiting the affected website.
A low-privileged user can create a post with an injected payload to steal admin cookies or gain admin access.
User account takeover + admin
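The fix for this class of bug is to encode post content on output. The following is an added example, not code from usememos/memos or from the report; it shows an unescaped renderer next to an escape-first renderer, plus a regression check run against the PoC string above. The function names and the small formatting set (bold, inline code, line breaks) are assumptions.

```javascript
// Added example; function names are hypothetical, not from usememos/memos.
// PoC string copied verbatim from the report above.
const PAGE_POC = "<iframe srcdoc='<body onload=prompt(99)>'>>#09;>&";

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": stored post content is interpolated into markup unchanged,
// so any tag the author typed becomes live markup for every viewer.
function renderPostUnsafe(content) {
  return `<div class="post">${content}</div>`;
}

// "After": escape first, then re-introduce a fixed set of formatting from
// plain-text markers (assumed set: **bold**, `code`, newlines).
function renderPostSafe(content) {
  const html = escapeHtml(content)
    .replace(/\*\*([^*\n]+)\*\*/g, "<strong>$1</strong>")
    .replace(/`([^`\n]+)`/g, "<code>$1</code>")
    .replace(/\n/g, "<br>");
  return `<div class="post">${html}</div>`;
}

// Regression check: list the element names present in rendered output.
function tagNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    names.add(m[1].toLowerCase());
  }
  return [...names].sort();
}

console.log(tagNames(renderPostUnsafe(PAGE_POC)));
console.log(tagNames(renderPostSafe(PAGE_POC)));
```

Because escaping happens before any markup is generated, the only elements that can appear in the output are the ones the renderer itself emits. This makes `tagNames` usable as a unit-test assertion on stored content.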