Vulnerability Details : CVE-2012-3997
Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2012-3997
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~52%
CVSS scores for CVE-2012-3997
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-3997
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3997
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083169.html
  [SECURITY] Fedora 16 Update: sticky-notes-0.3.09062012.4-5.fc16
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083120.html
  [SECURITY] Fedora 17 Update: sticky-notes-0.3.09062012.4-5.fc17
- https://bugzilla.redhat.com/show_bug.cgi?id=810928
  810928 – (CVE-2012-3997, CVE-2012-3998) CVE-2012-3997 CVE-2012-3998 Review Request: sticky-notes - Sticky notes is a free and open source paste-bin application
- http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308
  Exploit; Patch
Products affected by CVE-2012-3997
- cpe:2.3:a:sayakbanerjee:sticky_notes:0.2.27052012.5:*:*:*:*:*:*:*