Novel Plus
by Xxyopen
Source repositories
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42967 | 0.00 | — | 0.01 | May 13, 2022 | Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | |||
| CVE-2022-28462 | 0.00 | — | 0.01 | May 5, 2022 | novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | |||
| CVE-2022-24568 | 0.00 | — | 0.01 | Feb 10, 2022 | Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | |||
| CVE-2021-30048 | 0.00 | — | 0.02 | Apr 29, 2021 | Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. |
- CVE-2021-42967May 13, 2022risk 0.00cvss —epss 0.01
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.
- CVE-2022-28462May 5, 2022risk 0.00cvss —epss 0.01
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
- CVE-2022-24568Feb 10, 2022risk 0.00cvss —epss 0.01
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.
- CVE-2021-30048Apr 29, 2021risk 0.00cvss —epss 0.02
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
Page 3 of 3