Sticky Notes

CVEs (3)

• CVE-2012-3999Jul 12, 2012
  risk 0.00cvss —epss 0.00

  Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

• CVE-2012-3998Jul 12, 2012
  risk 0.00cvss —epss 0.00

  Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php.

• CVE-2012-3997Jul 12, 2012
  risk 0.00cvss —epss 0.00

  Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php.