xxyopen novel plus
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-60299
all versions
Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply en
5.4
MEDIUM
CVE-2025-60298
<= 5.2.4
Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName
5.4
MEDIUM
CVE-2025-6535
<= 5.1.3
A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects
6.3
MEDIUM
CVE-2025-6534
<= 5.1.3
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the func
4.2
MEDIUM
CVE-2025-6533
<= 5.1.3
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this is
5.6
MEDIUM
CVE-2025-45890
< 5.1.0
Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath
9.8
CRITICAL
CVE-2025-4019
< 5.1.1
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160
7.3
HIGH
CVE-2025-4018
< 5.1.1
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda
5.3
MEDIUM
CVE-2025-4017
<= 5.1.1
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vu
4.3
MEDIUM
CVE-2025-4016
< 5.1.1
A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This
5.4
MEDIUM
CVE-2025-4015
< 5.1.1
A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Af
5.3
MEDIUM
CVE-2025-3856
all versions
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage
6.3
MEDIUM
CVE-2025-3676
all versions
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/f
6.3
MEDIUM
CVE-2025-3369
all versions
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown funct
6.3
MEDIUM
CVE-2025-26182
<= 4.4.0
An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java f
6.5
MEDIUM
CVE-2024-33383
<= 4.3.0
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a cr
7.5
HIGH
CVE-2024-25274
all versions
An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbit
9.8
CRITICAL
CVE-2024-24021
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and
9.8
CRITICAL
CVE-2024-24017
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and
9.8
CRITICAL
CVE-2024-24014
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and
9.8
CRITICAL
CVE-2024-24026
<= 4.2.0
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUser
9.8
CRITICAL
CVE-2024-24025
<= 4.2.0
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController:
9.8
CRITICAL
CVE-2024-24024
<= 4.2.0
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController
9.8
CRITICAL
CVE-2024-24023
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and
9.8
CRITICAL
CVE-2024-24018
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, a
9.8
CRITICAL
CVE-2024-24019
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, a
9.8
CRITICAL
CVE-2024-24015
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, a
9.8
CRITICAL
CVE-2024-24013
<= 4.2.0
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and
9.8
CRITICAL
CVE-2024-0941
all versions
A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the fi
5.5
MEDIUM
CVE-2024-0655
all versions
A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown fu
5.5
MEDIUM
CVE-2023-7171
<= 4.2.0
A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unk
2.4
LOW
CVE-2023-7166
<= 4.2.0
A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user
3.5
LOW
CVE-2023-46981
all versions
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the s
9.8
CRITICAL
CVE-2023-41443
all versions
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the s
7.2
HIGH
CVE-2023-30058
all versions
novel-plus 3.6.2 is vulnerable to SQL Injection.
9.8
CRITICAL
CVE-2023-37847
all versions
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
9.8
CRITICAL
CVE-2023-2041
all versions
A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality o
6.3
MEDIUM
CVE-2023-2040
all versions
A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?
6.3
MEDIUM
CVE-2023-2039
all versions
A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the fi
6.3
MEDIUM
CVE-2023-1607
all versions
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /commo
4.7
MEDIUM
CVE-2023-1606
all versions
A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of
6.3
MEDIUM
CVE-2023-1595
all versions
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functi
4.7
MEDIUM
CVE-2023-1594
all versions
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file
7.3
HIGH
CVE-2022-36672
all versions
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows att
9.8
CRITICAL
CVE-2022-36671
all versions
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
7.5
HIGH
CVE-2022-35121
all versions
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceIm
9.8
CRITICAL
CVE-2021-42967
all versions
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all version
9.8
CRITICAL
CVE-2022-28462
all versions
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
7.5
HIGH
CVE-2021-41921
all versions
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitra
9.8
CRITICAL
CVE-2022-24568
all versions
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin