
Xxyopen Novel-Plus vulnerabilities

48 known vulnerabilities affecting xxyopen/novel-plus.

Total CVEs: 48
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 28, HIGH 12, MEDIUM 8

Vulnerabilities

Page 2 of 3
CVE-2023-1606 | P3 | CRITICAL | CVSS 9.8 | v3.6.2 | 2023-03-23
CWE-89: A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderby leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulner
Source: NVD
CVE-2024-0655 | P3 | CRITICAL | CVSS 9.8 | v4.3.0, v4.3.0-RC1 | 2024-01-18
CWE-89: A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is
Source: NVD
CVE-2024-24024 | P3 | CRITICAL | CVSS 9.8 | ≤ 4.2.0, v4.3.0 | 2024-02-08
CWE-434: An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Source: NVD
CVE-2024-24023 | P3 | CRITICAL | CVSS 9.8 | ≤ 4.2.0, v4.3.0 | 2024-02-08
CWE-89: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
Source: NVD
CVE-2024-24021 | P3 | CRITICAL | CVSS 9.8 | ≤ 4.2.0, v4.3.0 | 2024-02-08
CWE-89: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.
Source: NVD
CVE-2023-1607 | P3 | HIGH | CVSS 8.8 | v3.6.2 | 2023-03-23
CWE-89: A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned
Source: NVD
CVE-2025-45890 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.1.0 | 2025-06-20
CWE-22: Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter
Source: NVD
CVE-2023-1594 | P3 | CRITICAL | CVSS 9.8 | v3.6.2 | 2023-03-23
CWE-89: A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigne
Source: NVD
CVE-2023-46981 | P3 | CRITICAL | CVSS 9.8 | v4.2.0 | 2023-11-05
CWE-89: SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.
Source: NVD
CVE-2025-4018 | P3 | HIGH | CVSS 7.5 | fixed in 5.1.1 | 2025-04-28
CWE-287: A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remo
Source: NVD
CVE-2022-35121 | P3 | CRITICAL | CVSS 9.8 | v3.6.1 | 2022-08-17
CWE-89: Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
Source: NVD
CVE-2023-37847 | P3 | CRITICAL | CVSS 9.8 | v3.6.2 | 2023-08-14
CWE-89: novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
Source: NVD
CVE-2025-4015 | P3 | HIGH | CVSS 7.5 | fixed in 5.1.1 | 2025-04-28
CWE-287: A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication. The attack may be launched remotely. The
Source: NVD
CVE-2022-36672 | P3 | CRITICAL | CVSS 9.8 | v3.6.2 | 2022-09-01
CWE-798: Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.
Source: NVD
CVE-2023-1595 | P3 | HIGH | CVSS 7.2 | v3.6.2 | 2023-03-23
CWE-89: A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of
Source: NVD
CVE-2025-6534 | P3 | MEDIUM | CVSS 6.8 | ≤ 5.1.3, v5.1.0 +3 more | 2025-06-24
CWE-99: A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiat
Source: NVD
CVE-2024-33383 | P3 | HIGH | CVSS 7.5 | ≤ 4.3.0 | 2024-04-30
CWE-639: Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter.
Source: NVD
CVE-2025-4017 | P3 | MEDIUM | CVSS 6.5 | ≤ 5.1.1 | 2025-04-28
CWE-266: A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. The attack can be initiated remotely. The expl
Source: NVD
CVE-2022-28462 | P3 | HIGH | CVSS 7.5 | v3.6.0 | 2022-05-05
CWE-552: novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
Source: NVD
CVE-2022-36671 | P3 | HIGH | CVSS 7.5 | v3.6.2 | 2022-09-01
CWE-494: Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
Source: NVD