x/vulndb: potential Go vuln in github.com/usememos/memos/server: CVE-2022-25978

[GoVulnBot]

CVE-2022-25978 references [Path is unknown](https://Path is unknown), which may be a Go module.

Description:
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-25978
• JSON: https://github.com/CVEProject/cvelist/tree/b2a531e678c088a4bcbf44faa8f95f9451512b4c/2022/25xxx/CVE-2022-25978.json
• web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070
• fix: usememos/memos@b11d213
• web: XSS Due to insufficient checks on the external resources usememos/memos#1026
• Imported by: https://pkg.go.dev/Path is unknown?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: std
    packages:
      - package: Path is unknown
description: |
    All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
cves:
  - CVE-2022-25978
references:
  - web: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070
  - fix: https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8
  - web: https://github.com/usememos/memos/issues/1026

[gopherbot]

Change https://go.dev/cl/468637 mentions this issue: data/reports: add GO-2023-1566.yaml