Vulnerabilities > Xxyopen

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-14	CVE-2023-2039	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability was found in novel-plus 3.6.2. network low complexity xxyopen CWE-89	8.8
2023-03-23	CVE-2023-1607	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability was found in novel-plus 3.6.2. network low complexity xxyopen CWE-89	8.8
2023-03-23	CVE-2023-1606	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability was found in novel-plus 3.6.2 and classified as critical. network low complexity xxyopen CWE-89 critical	9.8
2023-03-23	CVE-2023-1595	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability has been found in novel-plus 3.6.2 and classified as critical. network low complexity xxyopen CWE-89	7.2
2023-03-23	CVE-2023-1594	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. network low complexity xxyopen CWE-89 critical	9.8
2022-09-01	CVE-2022-36671	Download of Code Without Integrity Check vulnerability in Xxyopen Novel-Plus 3.6.2 Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. network low complexity xxyopen CWE-494	7.5
2022-09-01	CVE-2022-36672	Use of Hard-coded Credentials vulnerability in Xxyopen Novel-Plus 3.6.2 Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. network low complexity xxyopen CWE-798 critical	9.8
2022-08-17	CVE-2022-35121	SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1 Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. network low complexity xxyopen CWE-89 critical	9.8
2022-05-13	CVE-2021-42967	Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. network low complexity xxyopen CWE-434 critical	9.8
2022-05-05	CVE-2022-28462	Files or Directories Accessible to External Parties vulnerability in Xxyopen Novel-Plus 3.6.0 novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. network low complexity xxyopen CWE-552	7.5

Vulnerabilities > Xxyopen {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xxyopen"}]}

Vulnerabilities > Xxyopen