← voltar
CVE-2025-60298

CVE-2025-60298

CVSS 5.4 MEDIUMEPSS 0.2%CWE-79
Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/201206030/novel-plushttps://notes.sjtu.edu.cn/s/FB0dX82qfhttps://notes.sjtu.edu.cn/s/FB0dX82qf#