Xxyopen

Novel-plus

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-60299

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.10.2025 00:00:00
  • Zuletzt bearbeitet 10.10.2025 16:18:08

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book...

5.4

CVE-2025-60298

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.10.2025 00:00:00
  • Zuletzt bearbeitet 10.10.2025 16:18:15

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName p...

8.8

CVE-2025-6535

Exploit
  • EPSS 0.03%
  • Veröffentlicht 24.06.2025 01:15:25
  • Zuletzt bearbeitet 09.07.2025 19:08:02

A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Managem...

6.8

CVE-2025-6534

Exploit
  • EPSS 0.06%
  • Veröffentlicht 24.06.2025 00:31:05
  • Zuletzt bearbeitet 09.07.2025 19:08:31

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component Fil...

5.9

CVE-2025-6533

Exploit
  • EPSS 0.11%
  • Veröffentlicht 24.06.2025 00:00:12
  • Zuletzt bearbeitet 01.10.2025 19:48:18

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java o...

9.8

CVE-2025-45890

Exploit
  • EPSS 1.79%
  • Veröffentlicht 20.06.2025 00:00:00
  • Zuletzt bearbeitet 26.06.2025 14:25:56

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter

9.8

CVE-2025-4019

  • EPSS 0.08%
  • Veröffentlicht 28.04.2025 12:00:08
  • Zuletzt bearbeitet 10.10.2025 19:12:26

A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorControll...

7.5

CVE-2025-4018

Exploit
  • EPSS 0.08%
  • Veröffentlicht 28.04.2025 11:31:05
  • Zuletzt bearbeitet 10.10.2025 19:15:21

A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller...

6.5

CVE-2025-4017

Exploit
  • EPSS 0.04%
  • Veröffentlicht 28.04.2025 11:15:38
  • Zuletzt bearbeitet 10.10.2025 19:17:55

A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController...

9.1

CVE-2025-4016

  • EPSS 0.08%
  • Veröffentlicht 28.04.2025 10:31:05
  • Zuletzt bearbeitet 17.10.2025 16:01:07

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java....