Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Novel-Plus — Vulnerabilities & Security Advisories 22

All 22 CVE vulnerabilities found in Novel-Plus, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2025-6535 xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection CWE-89 6.3 Medium2025-06-24
CVE-2025-6534 xxyopen/201206030 novel-plus File FileController.java remove resource injection CWE-99 4.2 Medium2025-06-24
CVE-2025-6533 xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay CWE-294 5.6 Medium2025-06-24
CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication CWE-306 7.3 High2025-04-28
CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication CWE-306 5.3 Medium2025-04-28
CVE-2025-4017 20120630 Novel-Plus LogController.java list improper authorization CWE-285 4.3 Medium2025-04-28
CVE-2025-4016 20120630 Novel-Plus LogController.java deleteIndex improper authorization CWE-285 5.4 Medium2025-04-28
CVE-2025-4015 20120630 Novel-Plus SessionController.java list missing authentication CWE-306 5.3 Medium2025-04-28
CVE-2025-3856 xxyopen Novel-Plus searchByPage sql injection CWE-89 6.3 Medium2025-04-22
CVE-2025-3676 xxyopen Novel-Plus books sql injection CWE-89 6.3 Medium2025-04-16
CVE-2025-3369 xxyopen Novel-Plus list sql injection CWE-89 6.3 Medium2025-04-07
CVE-2024-0941 Novel-Plus list sql injection CWE-89 5.5 Medium2024-01-26
CVE-2024-0655 Novel-Plus list sql injection CWE-89 5.5 Medium2024-01-18
CVE-2023-7171 Novel-Plus Friendly Link FriendLinkController.java cross site scripting CWE-79 2.4 Low2023-12-29
CVE-2023-7166 Novel-Plus HTTP POST Request updateUserInfo cross site scripting CWE-79 3.5 Low2023-12-29
CVE-2023-2041 novel-plus sql injection CWE-89 6.3 Medium2023-04-14
CVE-2023-2040 novel-plus sql injection CWE-89 6.3 Medium2023-04-14
CVE-2023-2039 novel-plus sql injection CWE-89 6.3 Medium2023-04-14
CVE-2023-1607 novel-plus list sql injection CWE-89 4.7 Medium2023-03-23
CVE-2023-1606 novel-plus DictController.java sql injection CWE-89 6.3 Medium2023-03-23
CVE-2023-1595 novel-plus list sql injection CWE-89 4.7 Medium2023-03-23
CVE-2023-1594 novel-plus list MenuService sql injection CWE-89 7.3 High2023-03-23

All 22 known CVE vulnerabilities affecting Novel-Plus with full Chinese analysis, references, and POCs where available.