CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3999

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile44.29th
PublishedJul 12, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Affected Platforms (CPE)

πŸ“¦
Sayakbanerjee

Sticky Notes

<= 0.3.09062012.4

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/77138
πŸ”— https://gitorious.org/sticky-notes/sticky-notes/merge_requests/2
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/77138
πŸ”— https://gitorious.org/sticky-notes/sticky-notes/merge_requests/2

Related Vulnerabilities

CVE-2021-479727.5

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by cr...

CVE-2021-479737.5

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting exc...

CVE-2012-39987.5

Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL comma...

CVE-2011-26304.3

Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page t...