Filtered by vendor Xxyopen
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24568 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | ||||
| CVE-2021-42967 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | ||||
| CVE-2021-41921 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | ||||