Vulnerabilities > Xxyopen

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-2039 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2
A vulnerability was found in novel-plus 3.6.2.
network
low complexity
xxyopen CWE-89
8.8
2023-03-23 CVE-2023-1607 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2
A vulnerability was found in novel-plus 3.6.2.
network
low complexity
xxyopen CWE-89
8.8
2023-03-23 CVE-2023-1606 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2
A vulnerability was found in novel-plus 3.6.2 and classified as critical.
network
low complexity
xxyopen CWE-89
critical
9.8
2023-03-23 CVE-2023-1595 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2
A vulnerability has been found in novel-plus 3.6.2 and classified as critical.
network
low complexity
xxyopen CWE-89
7.2
2023-03-23 CVE-2023-1594 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2.
network
low complexity
xxyopen CWE-89
critical
9.8
2022-09-01 CVE-2022-36671 Download of Code Without Integrity Check vulnerability in Xxyopen Novel-Plus 3.6.2
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
network
low complexity
xxyopen CWE-494
7.5
2022-09-01 CVE-2022-36672 Use of Hard-coded Credentials vulnerability in Xxyopen Novel-Plus 3.6.2
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file.
network
low complexity
xxyopen CWE-798
critical
9.8
2022-08-17 CVE-2022-35121 SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
network
low complexity
xxyopen CWE-89
critical
9.8
2022-05-13 CVE-2021-42967 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.
network
low complexity
xxyopen CWE-434
critical
9.8
2022-05-05 CVE-2022-28462 Files or Directories Accessible to External Parties vulnerability in Xxyopen Novel-Plus 3.6.0
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
network
low complexity
xxyopen CWE-552
7.5