Stored XSS in Search in usememos/memos

Valid

Reported on

Dec 21st 2022


Description

Stored XSS is a type of XSS in which the malicious code is stored by the application. The demo website is affected by it.

Proof of Concept

#1. Access the demo website https://demo.usememos.com/

#2. In the "Any thoughts...." box, write an XSS payload and save it. In this scenario, I used the payload: "><img src=x onerror=alert("XSS")>

#3. Now, in the search bar, just type "> (or any character in the payload) and the payload will be triggered.

Link: https://drive.google.com/file/d/1OfyG91RtpV-_rUanDrWiTbStjf0X7QJN/view?usp=sharing

Impact

An attacker is able to steal a user's cookies.
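Added example (not part of the original report and not code from usememos/memos): the report does not state the root cause, so this sketch assumes the search view wraps matching text in highlight markup and inserts the result as HTML. The function names are hypothetical; the sample memo is the payload from step #2. It shows the unescaped pattern next to a hardened renderer that escapes every piece of stored text.

```javascript
// Hypothetical search-highlight renderer, written for illustration only.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Treat the search term as a literal string, not as a regular expression.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Vulnerable pattern: stored memo text is concatenated into markup unescaped,
// so any tag saved in the memo becomes live HTML once the result is rendered.
function highlightUnsafe(content, query) {
  if (!query) return content;
  return content.replace(new RegExp(escapeRegExp(query), "gi"), (m) => `<mark>${m}</mark>`);
}

// Hardened pattern: split the RAW text on matches, escape each piece, and only
// then add the <mark> wrapper. Escaping first and searching afterwards would
// let a query such as "amp" match inside the entity "&amp;".
function highlightSafe(content, query) {
  if (!query) return escapeHtml(content);
  const re = new RegExp(`(${escapeRegExp(query)})`, "gi");
  return content
    .split(re) // with a capture group, odd indexes are the matched pieces
    .map((part, i) => (i % 2 === 1 ? `<mark>${escapeHtml(part)}</mark>` : escapeHtml(part)))
    .join("");
}

// Sample stored memo: the payload from step #2 of the report.
const STORED_MEMO = '"><img src=x onerror=alert("XSS")>';

console.log("unsafe:", highlightUnsafe(STORED_MEMO, '">'));
console.log("safe:  ", highlightSafe(STORED_MEMO, '">'));
```

The hardened output contains no tags other than the renderer's own `<mark>`, so it is safe to assign to `innerHTML`; rendering stored text through `textContent` or a framework's default text binding avoids the string building entirely.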

We are processing your report and will contact the usememos/memos team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
Chuu modified the report a year ago
We have contacted a member of the usememos/memos team and are waiting to hear back a year ago
STEVEN validated this vulnerability a year ago
uonghoangminhchau has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.0 with commit 65cc19 a year ago
STEVEN has been awarded the fix bounty
This vulnerability has now been published a year ago