xxyopen

Top products

The 15 most recently published vulnerabilities affecting xxyopen.

• CVE-2025-65442DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cooki...6.1Dec 29, 2025
• CVE-2025-60299Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript throu...5.4Oct 8, 2025
• CVE-2025-60298Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inj...5.4Oct 8, 2025
• CVE-2025-6535xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection6.3Jun 24, 2025
• CVE-2025-6534xxyopen/201206030 novel-plus File FileController.java remove resource injection4.2Jun 24, 2025
• CVE-2025-6533xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay5.6Jun 24, 2025
• CVE-2025-45890Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter9.8Jun 20, 2025
• CVE-2025-4036201206030 Novel Chapter AuthorController.java updateBookChapter access control6.3Apr 28, 2025
• CVE-2025-401920120630 Novel-Plus GeneratorController.java genCode missing authentication7.3Apr 28, 2025
• CVE-2025-401820120630 Novel-Plus CrawlController.java addCrawlSource missing authentication5.3Apr 28, 2025
• CVE-2025-401720120630 Novel-Plus LogController.java list improper authorization4.3Apr 28, 2025
• CVE-2025-401620120630 Novel-Plus LogController.java deleteIndex improper authorization5.4Apr 28, 2025
• CVE-2025-401520120630 Novel-Plus SessionController.java list missing authentication5.3Apr 28, 2025
• CVE-2025-3956201206030 novel-cloud BookInfoMapper.xml RestResp sql injection6.3Apr 27, 2025
• CVE-2025-3856xxyopen Novel-Plus searchByPage sql injection6.3Apr 22, 2025