Unrated severityNVD Advisory· Published Oct 8, 2025· Updated Oct 8, 2025

CVE-2025-60298

Description

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter.

Affected products

Novel-Plus/Novel-Plusdescription
Xxyopen/Novel Plusllm-fuzzy
Range: <=5.2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

notes.sjtu.edu.cn/s/FB0dX82qfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000