Novel-plus Security Vulnerabilities and Issues — Novel-plus CVE List

Lucene search

XxyopenNovel-plus

7 matches found

CVE•added 2022/09/01 3:15 a.m.•310 views

CVE-2022-36671

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.

7.5CVSS7.6AI score0.00095EPSS

CVE•added 2022/09/01 3:15 a.m.•293 views

CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.

9.8CVSS9.2AI score0.00155EPSS

CVE•added 2022/02/10 7:15 p.m.•73 views

CVE-2022-24568

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.

9.8CVSS9.5AI score0.00299EPSS

CVE•added 2022/04/28 1:15 p.m.•65 views

CVE-2021-41921

novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.

9.8CVSS9.6AI score0.0081EPSS

CVE•added 2022/05/05 1:15 p.m.•65 views

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.

7.5CVSS7.5AI score0.00251EPSS

CVE•added 2022/05/13 12:15 p.m.•54 views

CVE-2021-42967

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.

9.8CVSS9.3AI score0.00344EPSS

CVE•added 2022/08/17 8:15 p.m.•44 views

CVE-2022-35121

Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.

9.8CVSS9.8AI score0.00077EPSS