VYPR
Vendor: Xxyopen

Products: 2
CVEs: 47 (across products: 47)
Status: Private

Recent CVEs (47)
  • CVE-2025-6535 | Med | Jun 24, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation…

  • CVE-2025-1154 | Med | Feb 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched…

  • CVE-2025-6533 | Med | Jun 24, 2025
    risk 0.36 | cvss 5.6 | epss 0.00

    A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA…

  • CVE-2025-6534 | Med | Jun 24, 2025
    risk 0.27 | cvss 4.2 | epss 0.00

    A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation…

  • CVE-2025-65442 | Dec 29, 2025
    risk 0.00 | cvss n/a | epss 0.00

    DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection…

  • CVE-2025-60298 | Oct 8, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored…

  • CVE-2025-60299 | Oct 8, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is…

  • CVE-2025-45890 | Jun 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter

  • CVE-2025-4036 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to…

  • CVE-2025-4019 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation…

  • CVE-2025-4018 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The…

  • CVE-2025-4017 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads…

  • CVE-2025-4016 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to…

  • CVE-2025-4015 | Apr 28, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The…

  • CVE-2025-3856 | Apr 22, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-3676 | Apr 16, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-3369 | Apr 7, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/friendLink/list. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The…

  • CVE-2025-26182 | Mar 4, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

  • CVE-2024-25274 | Feb 20, 2024
    risk 0.00 | cvss n/a | epss 0.01

    An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-24017 | Feb 8, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list