Memos - XSS (CVE-2024-29029)

CVE-2024-29029 is a vulnerability in Memos 0.13.2 that allows unauthenticated users to exploit a server-side request forgery (SSRF) flaw at the /o/get/image endpoint, enabling internal network enumeration and image retrieval. Additionally, the vulnerability leads to a reflected cross-site scripting (XSS) issue, potentially allowing attackers to execute malicious scripts in users' browsers. This combination of SSRF and XSS could be leveraged for further attacks such as data theft or network reconnaissance.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network observations suggest that most exploitation of CVE-2024-29029 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-29029 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit the /o/get/image endpoint by supplying a remote URL to the url parameter, enabling SSRF and reflected XSS attacks. These requests often include external image URLs and result in the server reflecting attacker-controlled content in the response.