Unrated severityNVD Advisory· Published Oct 8, 2025· Updated Oct 8, 2025
CVE-2025-60298
CVE-2025-60298
Description
Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Novel-Plus/Novel-Plusdescription
- Range: <=5.2.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.