Xxyopen

Novel-plus

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-6535

Exploit
  • EPSS 0.04%
  • Veröffentlicht 24.06.2025 01:15:25
  • Zuletzt bearbeitet 09.07.2025 19:08:02

A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Managem...

6.8

CVE-2025-6534

Exploit
  • EPSS 0.08%
  • Veröffentlicht 24.06.2025 00:31:05
  • Zuletzt bearbeitet 09.07.2025 19:08:31

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component Fil...

5.9

CVE-2025-6533

Exploit
  • EPSS 0.08%
  • Veröffentlicht 24.06.2025 00:00:12
  • Zuletzt bearbeitet 01.10.2025 19:48:18

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java o...

9.8

CVE-2025-45890

Exploit
  • EPSS 2.88%
  • Veröffentlicht 20.06.2025 00:00:00
  • Zuletzt bearbeitet 26.06.2025 14:25:56

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter

6.3

CVE-2025-3856

  • EPSS 0.03%
  • Veröffentlicht 22.04.2025 01:00:11
  • Zuletzt bearbeitet 23.04.2025 14:08:13

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate...

9.8

CVE-2025-3676

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2025 08:15:14
  • Zuletzt bearbeitet 23.04.2025 16:17:29

A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack r...

6.3

CVE-2025-3369

  • EPSS 0.03%
  • Veröffentlicht 07.04.2025 13:31:04
  • Zuletzt bearbeitet 07.04.2025 14:17:50

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack ma...

6.5

CVE-2025-26182

  • EPSS 0.17%
  • Veröffentlicht 04.03.2025 17:15:18
  • Zuletzt bearbeitet 05.03.2025 19:15:39

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

9.8

CVE-2024-25274

  • EPSS 0.24%
  • Veröffentlicht 20.02.2024 16:15:10
  • Zuletzt bearbeitet 02.04.2025 20:19:48

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

9.8

CVE-2024-24021

  • EPSS 0.07%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 09.06.2025 17:15:27

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.