CVE-2023-7166
Novel-Plus up to 4.2.0 contains a cross-site scripting vulnerability in the HTTP POST handler at /user/updateUserInfo via the nickName parameter. The issue can be triggered remotely, and the exploit has been disclosed publicly. A patch is identified by c62da9bb3a9b3603014d0edb436146512631100d, an...