Memos - XSS (CVE-2024-29029)

CVE-2024-29029 is a vulnerability in Memos 0.13.2 that allows unauthenticated users to exploit a server-side request forgery (SSRF) flaw at the /o/get/image endpoint, enabling internal network enumeration and image retrieval. Additionally, the vulnerability leads to a reflected cross-site scripting (XSS) issue, potentially allowing attackers to execute malicious scripts in users' browsers. This combination of SSRF and XSS could be leveraged for further attacks such as data theft or network reconnaissance.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2024-29029 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. CrowdSec data also reveals a clear uptick in attacks involving CVE-2024-29029 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit the /o/get/image endpoint by supplying a remote URL to the url parameter, enabling SSRF and reflected XSS attacks. These requests often include external image URLs and result in the server reflecting attacker-controlled content in the response.