ReportizFlow
Filtered by vendor Novel-plus
Subscriptions
Filtered by product Novel-plus
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60298 | 1 Novel-plus | 1 Novel-plus | 2025-10-09 | 5.4 Medium |
| Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter. | ||||
| CVE-2025-60299 | 1 Novel-plus | 1 Novel-plus | 2025-10-09 | 5.4 Medium |
| Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database and is executed in other users’ browsers when they view the affected comment thread. | ||||
| CVE-2024-33383 | 1 Novel-plus | 1 Novel-plus | 2024-11-21 | 7.5 High |
| Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. | ||||
Page 1 of 1.