5 matches found
CVE-2025-60299
Novel-Plus 5.2.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...
PT-2025-41256
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 5.2.0. Description: An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment via the /book/addCommentReply endpoint. The malicious payload is stored in the databa...
Novel-Plus Security Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version 5.2.0, which stems from unvalidated input of the replyContent parameter and could lead to a stored cross-site scripting attack...
CVE-2025-60299
CVE-2025-60299 affects Novel-Plus version 5.2.0 with a stored XSS in the /book/addCommentReply endpoint. An authenticated user can inject JavaScript via the replyContent parameter when replying to a book comment; the payload is stored in the database and executes in other users’ browsers viewing ...
CVE-2025-60299
Novel-Plus 5.2.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...