[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-0109":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":57,"downstream":58,"duplicates":61,"related":62,"reserved_at":9,"published_at":64,"modified_at":65,"state":66,"summary":67,"references_raw":75,"kevs":108,"epss":109,"epss_history":112,"metrics":380,"affected":395},"CVE-2023-0109","A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_94113DA7C6F15D8A","Exploit Reference (huntr.com)","reference","https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e","unknown",0.2,false,[],[55,56],"GHSA-5r2g-59px-3q9w","GO-2024-3274",[],[59],{"_key":60},"OPENSUSE-SU-2024:14513-1",[],[63],{"_key":60},"2024-11-15T10:57:21.900Z","2024-11-15T20:56:59.319Z","Analyzed",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":70,"severity_score":71,"severity_version":72,"severity_source":73,"severity_vector":74,"severity_status":66},"low",0.00269,"critical",9.8,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[76,84,90,95,100,104],{"url":49,"sources":77,"tags":80},[73,78,79],"nvd","osv_go",[81,82,83],"Exploit","Third Party Advisory","WEB",{"url":85,"sources":86,"tags":87},"https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c",[73,78,79],[88,83,89],"Patch","FIX",{"url":91,"sources":92,"tags":93},"https://nvd.nist.gov/vuln/detail/CVE-2023-0109",[79],[94],"Advisory",{"url":96,"sources":97,"tags":98},"https://github.com/usememos/memos",[79],[99],"PACKAGE",{"url":101,"sources":102,"tags":103},"https://pkg.go.dev/vuln/GO-2024-3274",[79],[83],{"url":105,"sources":106,"tags":107},"https://github.com/advisories/GHSA-5r2g-59px-3q9w",[79],[94],[],{"date":110,"score":69,"percentile":111},"2026-06-04",0.50592,[113,117,120,123,126,129,132,135,138,141,144,147,150,153,156,160,163,166,169,171,174,177,179,182,185,188,191,194,197,200,203,206,208,211,214,217,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,265,269,272,275,279,282,285,288,291,294,297,300,303,306,309,312,315,317,319,322,325,328,331,334,337,339,342,345,348,351,354,357,360,363,365,368,371,374,377],{"date":114,"score":115,"percentile":116},"2025-11-04",0.0012,0.31705,{"date":118,"score":115,"percentile":119},"2025-11-05",0.31681,{"date":121,"score":115,"percentile":122},"2025-11-06",0.31688,{"date":124,"score":115,"percentile":125},"2025-11-07",0.31708,{"date":127,"score":115,"percentile":128},"2025-11-08",0.31709,{"date":130,"score":115,"percentile":131},"2025-11-09",0.31686,{"date":133,"score":115,"percentile":134},"2025-11-10",0.31637,{"date":136,"score":115,"percentile":137},"2025-11-11",0.31654,{"date":139,"score":115,"percentile":140},"2025-11-12",0.31698,{"date":142,"score":115,"percentile":143},"2025-11-13",0.31718,{"date":145,"score":115,"percentile":146},"2025-11-14",0.31721,{"date":148,"score":115,"percentile":149},"2025-11-15",0.31722,{"date":151,"score":115,"percentile":152},"2025-11-16",0.31687,{"date":154,"score":115,"percentile":155},"2025-11-17",0.31663,{"date":157,"score":158,"percentile":159},"2025-11-18",0.00256,0.45692,{"date":161,"score":158,"percentile":162},"2025-11-19",0.45708,{"date":164,"score":158,"percentile":165},"2025-11-20",0.45713,{"date":167,"score":115,"percentile":168},"2025-11-21",0.31704,{"date":170,"score":115,"percentile":128},"2025-11-22",{"date":172,"score":115,"percentile":173},"2025-11-23",0.31682,{"date":175,"score":115,"percentile":176},"2025-11-24",0.31658,{"date":178,"score":115,"percentile":137},"2025-11-25",{"date":180,"score":115,"percentile":181},"2025-11-26",0.31655,{"date":183,"score":115,"percentile":184},"2025-11-27",0.31669,{"date":186,"score":115,"percentile":187},"2025-11-28",0.31648,{"date":189,"score":115,"percentile":190},"2025-11-29",0.31632,{"date":192,"score":115,"percentile":193},"2025-11-30",0.31611,{"date":195,"score":115,"percentile":196},"2025-12-01",0.3169,{"date":198,"score":115,"percentile":199},"2025-12-02",0.3172,{"date":201,"score":115,"percentile":202},"2025-12-03",0.31719,{"date":204,"score":115,"percentile":205},"2025-12-04",0.31617,{"date":207,"score":115,"percentile":137},"2025-12-05",{"date":209,"score":115,"percentile":210},"2025-12-06",0.31653,{"date":212,"score":115,"percentile":213},"2025-12-07",0.31625,{"date":215,"score":115,"percentile":216},"2025-12-08",0.31638,{"date":218,"score":115,"percentile":196},"2025-12-09",{"date":220,"score":115,"percentile":221},"2025-12-10",0.3175,{"date":223,"score":115,"percentile":224},"2025-12-11",0.31786,{"date":226,"score":115,"percentile":227},"2025-12-12",0.3182,{"date":229,"score":115,"percentile":230},"2025-12-13",0.31806,{"date":232,"score":115,"percentile":233},"2025-12-14",0.31779,{"date":235,"score":115,"percentile":236},"2025-12-15",0.31728,{"date":238,"score":115,"percentile":239},"2025-12-16",0.31746,{"date":241,"score":115,"percentile":242},"2025-12-17",0.31797,{"date":244,"score":115,"percentile":245},"2025-12-18",0.31845,{"date":247,"score":115,"percentile":248},"2025-12-19",0.31872,{"date":250,"score":115,"percentile":251},"2025-12-20",0.31851,{"date":253,"score":115,"percentile":254},"2025-12-21",0.31795,{"date":256,"score":115,"percentile":257},"2025-12-22",0.31764,{"date":259,"score":115,"percentile":260},"2025-12-23",0.31744,{"date":262,"score":263,"percentile":264},"2025-12-24",0.00167,0.38364,{"date":266,"score":267,"percentile":268},"2025-12-25",0.00259,0.4914,{"date":270,"score":267,"percentile":271},"2025-12-26",0.4913,{"date":273,"score":267,"percentile":274},"2025-12-27",0.49157,{"date":276,"score":277,"percentile":278},"2025-12-28",0.00198,0.42078,{"date":280,"score":277,"percentile":281},"2025-12-29",0.4206,{"date":283,"score":277,"percentile":284},"2025-12-30",0.42051,{"date":286,"score":277,"percentile":287},"2025-12-31",0.42096,{"date":289,"score":277,"percentile":290},"2026-01-01",0.42232,{"date":292,"score":277,"percentile":293},"2026-01-02",0.42207,{"date":295,"score":277,"percentile":296},"2026-01-03",0.42196,{"date":298,"score":277,"percentile":299},"2026-01-04",0.42037,{"date":301,"score":277,"percentile":302},"2026-01-05",0.42013,{"date":304,"score":277,"percentile":305},"2026-01-06",0.42014,{"date":307,"score":277,"percentile":308},"2026-01-07",0.42035,{"date":310,"score":277,"percentile":311},"2026-01-08",0.42063,{"date":313,"score":277,"percentile":314},"2026-01-09",0.42043,{"date":316,"score":277,"percentile":314},"2026-01-10",{"date":318,"score":277,"percentile":305},"2026-01-11",{"date":320,"score":277,"percentile":321},"2026-01-12",0.41965,{"date":323,"score":277,"percentile":324},"2026-01-13",0.41943,{"date":326,"score":277,"percentile":327},"2026-01-14",0.41992,{"date":329,"score":277,"percentile":330},"2026-01-15",0.41984,{"date":332,"score":277,"percentile":333},"2026-01-16",0.42004,{"date":335,"score":277,"percentile":336},"2026-01-17",0.41977,{"date":338,"score":277,"percentile":324},"2026-01-18",{"date":340,"score":277,"percentile":341},"2026-01-19",0.41913,{"date":343,"score":277,"percentile":344},"2026-01-20",0.41903,{"date":346,"score":277,"percentile":347},"2026-01-21",0.41906,{"date":349,"score":277,"percentile":350},"2026-01-22",0.41901,{"date":352,"score":277,"percentile":353},"2026-01-23",0.41958,{"date":355,"score":277,"percentile":356},"2026-01-24",0.41969,{"date":358,"score":277,"percentile":359},"2026-01-25",0.41921,{"date":361,"score":277,"percentile":362},"2026-01-26",0.41878,{"date":364,"score":277,"percentile":362},"2026-01-27",{"date":366,"score":277,"percentile":367},"2026-01-28",0.41875,{"date":369,"score":277,"percentile":370},"2026-01-29",0.4186,{"date":372,"score":277,"percentile":373},"2026-01-30",0.41866,{"date":375,"score":277,"percentile":376},"2026-01-31",0.41872,{"date":378,"score":277,"percentile":379},"2026-02-01",0.41982,[381,385,393],{"source":73,"cvss_v2_0":9,"cvss_v3_0":382,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":383,"vectorString":74,"impactScore":71,"exploitabilityScore":384},"CRITICAL",10,{"source":78,"cvss_v2_0":9,"cvss_v3_0":386,"cvss_v3_1":387,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":383,"vectorString":74,"impactScore":71,"exploitabilityScore":384},{"baseScore":388,"baseSeverity":389,"vectorString":390,"impactScore":391,"exploitabilityScore":392},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",4.5,5.9,{"source":79,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":394,"cvss_v4_0":9},{"baseScore":388,"baseSeverity":9,"vectorString":390,"impactScore":391,"exploitabilityScore":392},[396,409,416],{"ecosystem":397,"name":398,"vendor":399,"product":400,"cpe_part":9,"purl_type":401,"purl_namespace":399,"purl_name":400,"source":9,"versions":402},"Go","github.com/usememos/memos","github.com/usememos","memos","golang",[403],{"version":404,"is_range":405,"range_type":406,"version_start":9,"version_start_type":9,"version_end":407,"version_end_type":408,"fixed_in":9},"lt0_10_0",true,"semver","0.10.0","excluding",{"ecosystem":9,"name":400,"vendor":410,"product":400,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"usememos","a",[413],{"version":414,"is_range":52,"range_type":415,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"0.9.1","cpe",{"ecosystem":9,"name":417,"vendor":410,"product":417,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"usememos/memos",[419],{"version":420,"is_range":405,"range_type":73,"version_start":421,"version_start_type":422,"version_end":407,"version_end_type":408,"fixed_in":9},">= unspecified, \u003C 0.10.0","unspecified","including"]