
A user can edit private memos from other users

# Description
It is possible for a user to edit private memos that belong to other users and also to change their visibility, making them public. The user can likewise change the visibility from Public to Private or vice versa. The server resolves the memo by its ID and does not check that the session user is the memo's creator.

# Steps to Reproduce
1. Log in as a user A (here called “ile.maricel”).
2. In another browser or private session, log in as user B (here called “ileana.mariceel”).
3. With user A, create a memo: “Test”. See that default visibility is PRIVATE (“only visible by you”).

[Figure 1](https://imgur.com/a/HFljPNm)
Memo ID: 1.

4. Copy the Cookie from user B.
5. With user A, select Edit option for the created memo and edit the phrase.
6. When selecting Save, intercept the request with a proxy and modify the Cookie by the one from user B.
7. In the same request, also change `visibility` from `PRIVATE` to `PUBLIC`:

[Figure 2](https://imgur.com/a/XRY4DcK)

```http
PATCH /api/memo/1
Host: localhost:5230
Content-Type: application/json
Cookie: memos_session=MTY3MTU3OTA0MXxEdi1CQkFFQ180SUFBUkFCRUFBQUh2LUNBQUVHYzNSeWFXNW5EQWtBQjNWelpYSXRhV1FEYVc1MEJBSUFCQT09fOcAjJ2GPp5-cAXssL0lYKwcUk2hOR1JVz35py1Cn8sK
Connection: close

{"id":1,"content":"Test edited by another user","visibility":"PUBLIC","resourceIdList":[]}
```

8. Note that memo from user A is public now.
9. Repeat the same steps changing `visibility` from `PUBLIC` to `PRIVATE`.
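The root cause is a missing ownership check on the memo update endpoint. As an added illustration (not the memos project's own code), the Go model below parses the PATCH body shown above and applies it through two handlers: one that resolves the memo by ID only, which is the behaviour described in this report, and a fixed one that additionally requires the session user to be the memo's creator. The store, type and function names are assumptions made for this example; only the JSON field names come from the request in the report.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Visibility values as they appear in the PATCH body of the report.
type Visibility string

const (
	Private Visibility = "PRIVATE"
	Public  Visibility = "PUBLIC"
)

// Memo is a minimal record; CreatorID is the owner used for the access check.
type Memo struct {
	ID         int
	CreatorID  int
	Content    string
	Visibility Visibility
}

// MemoPatch mirrors the JSON body of the PATCH request in the report.
// Pointer fields distinguish "absent" from "set to empty".
type MemoPatch struct {
	ID             int         `json:"id"`
	Content        *string     `json:"content"`
	Visibility     *Visibility `json:"visibility"`
	ResourceIDList []int       `json:"resourceIdList"`
}

var (
	ErrNotFound  = errors.New("memo not found")
	ErrForbidden = errors.New("forbidden: memo belongs to another user")
	ErrBadBody   = errors.New("invalid patch body")
)

// MemoStore is an in-memory stand-in for the database (constructed for this example).
type MemoStore struct{ memos map[int]*Memo }

func NewMemoStore() *MemoStore { return &MemoStore{memos: map[int]*Memo{}} }

// Create stores a new memo owned by creatorID; default visibility is PRIVATE, as in the report.
func (s *MemoStore) Create(creatorID int, content string) *Memo {
	m := &Memo{ID: len(s.memos) + 1, CreatorID: creatorID, Content: content, Visibility: Private}
	s.memos[m.ID] = m
	return m
}

// ParseMemoPatch decodes the request body and rejects unknown visibility values.
func ParseMemoPatch(body []byte) (MemoPatch, error) {
	var p MemoPatch
	if err := json.Unmarshal(body, &p); err != nil {
		return p, ErrBadBody
	}
	if p.Visibility != nil && *p.Visibility != Private && *p.Visibility != Public {
		return p, ErrBadBody
	}
	return p, nil
}

func applyPatch(m *Memo, p MemoPatch) {
	if p.Content != nil {
		m.Content = *p.Content
	}
	if p.Visibility != nil {
		m.Visibility = *p.Visibility
	}
}

// UpdateMemoVulnerable models the reported behaviour: the memo is looked up by the
// path ID and the session user is never compared with the memo's creator.
func (s *MemoStore) UpdateMemoVulnerable(sessionUserID, memoID int, p MemoPatch) (*Memo, error) {
	m, ok := s.memos[memoID]
	if !ok {
		return nil, ErrNotFound
	}
	applyPatch(m, p)
	return m, nil
}

// UpdateMemoFixed enforces ownership: only the creator may change content or visibility.
// The memo ID comes from the URL path, not from the body, so a mismatched body "id" is ignored.
func (s *MemoStore) UpdateMemoFixed(sessionUserID, memoID int, p MemoPatch) (*Memo, error) {
	m, ok := s.memos[memoID]
	if !ok {
		return nil, ErrNotFound
	}
	if m.CreatorID != sessionUserID {
		return nil, ErrForbidden
	}
	applyPatch(m, p)
	return m, nil
}

func main() {
	// Constructed scenario: user 1 ("A") owns memo 1, user 2 ("B") sends the report's body.
	s := NewMemoStore()
	m := s.Create(1, "Test")
	body := []byte(`{"id":1,"content":"Test edited by another user","visibility":"PUBLIC","resourceIdList":[]}`)
	p, _ := ParseMemoPatch(body)
	_, err := s.UpdateMemoFixed(2, m.ID, p)
	fmt.Println("fixed handler, user B:", err, "visibility still", m.Visibility)
	s.UpdateMemoVulnerable(2, m.ID, p)
	fmt.Println("vulnerable handler, user B: visibility now", m.Visibility)
}
```

The point of the comparison is that authentication alone (a valid `memos_session` cookie) does not establish authorization: the update handler has to compare the session identity with the resource owner before writing, and it should take the memo ID from the path rather than trusting the `id` in the body.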
