CVE-2023-7171

Name of the Vulnerable Software and Affected Versions Novel-Plus versions up to 4.2.0

Description A vulnerability was found in the component Friendly Link Handler, specifically in the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java. The manipulation of an unknown functionality leads to cross-site scripting. The attack can be launched remotely, and the exploit has been disclosed to the public.

Recommendations For Novel-Plus versions up to 4.2.0, it is recommended to apply a patch to fix this issue. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. As a temporary workaround, consider restricting access to the vulnerable component Friendly Link Handler until a patch is applied.