Xxyopen

Novel-plus

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-4015

  • EPSS 0.06%
  • Veröffentlicht 28.04.2025 10:00:09
  • Zuletzt bearbeitet 17.10.2025 16:03:41

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionCo...

9.8

CVE-2025-3856

Exploit
  • EPSS 0.04%
  • Veröffentlicht 22.04.2025 01:00:11
  • Zuletzt bearbeitet 15.10.2025 18:49:12

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate...

9.8

CVE-2025-3676

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.04.2025 08:15:14
  • Zuletzt bearbeitet 23.04.2025 16:17:29

A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack r...

9.8

CVE-2025-3369

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.04.2025 13:31:04
  • Zuletzt bearbeitet 10.10.2025 16:49:07

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack ma...

6.5

CVE-2025-26182

  • EPSS 0.3%
  • Veröffentlicht 04.03.2025 17:15:18
  • Zuletzt bearbeitet 05.03.2025 19:15:39

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

7.5

CVE-2024-33383

Exploit
  • EPSS 0.27%
  • Veröffentlicht 30.04.2024 20:15:08
  • Zuletzt bearbeitet 10.10.2025 18:23:50

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter.

9.8

CVE-2024-25274

  • EPSS 0.24%
  • Veröffentlicht 20.02.2024 16:15:10
  • Zuletzt bearbeitet 02.04.2025 20:19:48

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

9.8

CVE-2024-24021

  • EPSS 0.09%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 09.06.2025 17:15:27

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.

9.8

CVE-2024-24017

  • EPSS 0.06%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:58:49

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list

9.8

CVE-2024-24014

  • EPSS 0.09%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 05.06.2025 19:15:26

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list