CNNVD-202509-266 Information

CNNVD ID

CNNVD-202509-266

CVE-2025-56761

  • CNNVD Published: 2025-09-03

Description (Chinese)

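Memos is an open-source, self-hosted memo hub from Memos with knowledge management and social features. Memos version 0.22 contains a security vulnerability: the attachment upload and user avatar features are susceptible to stored cross-site scripting attacks, which may lead to privilege escalation.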

Description (English)

Memos is an open-source, self-hosted memo hub with knowledge management and social features. Memos version 0.22 has a security vulnerability: the attachment upload and user avatar features are vulnerable to stored cross-site scripting (XSS) attacks, which may lead to privilege escalation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Memos

Published

2025-09-03

Last Modified

2026-02-24

References

  • https://github.com/usememos/memos/blob/v0.24.4/server/router/api/v1/resource_service.go#L48
  • https://github.com/usememos/memos/blob/v0.24.0/server/router/api/v1/user_service.go#L147
  • https://www.sonarsource.com/blog/securing-go-applications-with-sonarqube-real-world-examples/
  • https://access.redhat.com/security/cve/cve-2025-56761

Patch

https://www.usememos.com/
