PT-2025-41255 · Unknown · Novel-Plus
201206030 · Published 2025-10-08 · Updated 2025-10-08 · CVE-2025-60298
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Novel-Plus versions up to 5.2.4
Description
The software contains a Stored Cross-Site Scripting (XSS) issue. Authenticated attackers can inject malicious JavaScript code through the indexName parameter of the /author/updateIndexName API endpoint. This code is stored in the database and executed when other users view the affected book chapter.
Recommendations
Update Novel-Plus to a version later than 5.2.4.
XSS
Affected Products
Novel-Plus