Memos - XSS (CVE-2024-29029)

CVE-2024-29029 is a vulnerability in Memos 0.13.2 that allows unauthenticated users to exploit a server-side request forgery (SSRF) flaw at the /o/get/image endpoint, enabling internal network enumeration and image retrieval. Additionally, the vulnerability leads to a reflected cross-site scripting (XSS) issue, potentially allowing attackers to execute malicious scripts in users' browsers. This combination of SSRF and XSS could be leveraged for further attacks such as data theft or network reconnaissance.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

Based on data from the CrowdSec network, nearly all observed exploitation of CVE-2024-29029 is fully opportunistic, with attackers indiscriminately scanning the entire internet. These attacks are automated and lack any form of target selection or reconnaissance. CrowdSec network telemetry also shows that exploitation of CVE-2024-29029 has significantly declined over the past week. Attack volumes are well below the long-term average, suggesting attackers are rapidly losing interest. The vulnerability appears to be falling out of active use across most threat landscapes.

Attackers exploit the /o/get/image endpoint by supplying a remote URL to the url parameter, enabling SSRF and reflected XSS attacks. These requests often include external image URLs and result in the server reflecting attacker-controlled content in the response.