CVE-2022-4694: 
NixOS vulnerability analysis and mitigation

Cross-site Scripting (XSS) vulnerability was discovered in GitHub repository usememos/memos prior to version 0.9.0. The vulnerability was disclosed on December 27, 2022 and assigned CVE-2022-4694 with a CVSS v3.1 base score of 5.4 (Medium) (AttackerKB).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed with low impact on confidentiality and integrity, but no impact on availability (AttackerKB).

If exploited, the vulnerability could allow attackers to execute malicious scripts in the context of other users' browsers, potentially leading to theft of sensitive information or manipulation of web content. The CVSS scoring indicates low impact on both confidentiality and integrity of the system (AttackerKB).

The vulnerability has been fixed in version 0.9.0 of usememos/memos. The fix involves adding proper escape functionality to prevent XSS attacks, as evidenced by the commit that implements escape functions from the lodash library (GitHub Commit).