CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-47014
https://notcve.org/view.php?id=CVE-2023-47014
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Sourcecodester Sticky Notes App que utiliza PHP con código fuente v.1.0 permite a un atacante local obtener información confidencial a través de un payload manipulado en add-note.php. • https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS/blob/main/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5792 – SourceCodester Sticky Notes App delete-note.php sql injection
https://notcve.org/view.php?id=CVE-2023-5792
A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf https://vuldb.com/?ctiid.243598 https://vuldb.com/?id.243598 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5791 – SourceCodester Sticky Notes App add-note.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5791
A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/Cross%20Site%20Scripting.pdf https://vuldb.com/?ctiid.243597 https://vuldb.com/?id.243597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •