13 matches found
CVE-2025-12071 Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification
The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Linux Distros Unpatched Vulnerability : CVE-2021-25954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Dolibarr application, versions 2.8.1 to 13.0.4 don't restrict or incorrectly restrict access to a resource from an unauthorized actor. A low-privileged attacker can...
CVE-2024-9030
A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...
PT-2023-7576 · Unknown · Sticky Notes App Using Php With Source Code
Name of the Vulnerable Software and Affected Versions: Sticky Notes App Using PHP with Source Code version 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to gain access to confidential information...
CVE-2023-5791
A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack...
CVE-2023-5792
A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been...
PT-2023-32330 · Sourcecodester · Sourcecodester Sticky Notes App
Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0 Description: A critical vulnerability has been found in the SourceCodester Sticky Notes App, affecting the file endpoint/delete-note.php. The manipulation of the note argument leads to SQL injection...
SourceCodester Sticky Notes Cross-Site Scripting Vulnerability
SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a cross-site scripting (XSS) vulnerability in the parameters noteTitle/noteContent in the file endpoint/add-note.php...
CVE-2021-25954
In the “Dolibarr” application, versions 2.8.1 to 13.0.4 don’t restrict or incorrectly restrict access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...
UBUNTU-CVE-2021-25954
In the “Dolibarr” application, versions 2.8.1 to 13.0.4 don’t restrict or incorrectly restrict access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...
PT-2021-3962 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions 2.8.1 through 13.0.4 Description: The issue is related to inadequate access control in the Dolibarr application, allowing a low-privileged attacker to modify the Private Note, which is only supposed to be accessible by...
PT-2019-15016 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 10.0.2 Description: The issue concerns HTML Injection in the Note field, specifically via the user/note.php endpoint. This allows for potential malicious code injection. Recommendations: For Dolibarr ERP/CRM version...
UBUNTU-CVE-2019-11548
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint...