← back
CVE-2021-47972

Sticky Notes & Color Widgets 1.4.2 Denial of Service

CVSS 8.7 HIGHEPSS 0.3%CWE-789
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
sticky-notes-color-widgets · Sticky Notes Color Widgets
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49957unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/49957https://www.vulncheck.com/advisories/sticky-notes-color-widgets-denial-of-service