Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-7171— Novel-Plus Friendly Link FriendLinkController.java cross site scripting

CVSS 2.4 · Low EPSS 0.10% · P27
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-7171

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Novel-Plus Friendly Link FriendLinkController.java cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Novel-Plus 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Novel-Plus是Novel-Plus公司的一个在线社交阅读和写作平台。 Novel-Plus 4.2.0及之前版本存在跨站脚本漏洞,该漏洞源于文件novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java会导致跨站脚本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Novel-Plus 4.0 -

II. Public POCs for CVE-2023-7171

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-7171

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-12-29 · 26 CVEs total

CVE-2023-71587.3 HIGHMicroPython objslice.c slice_indices heap-based overflow
CVE-2023-71525.5 MEDIUMMicroPython modselect.c poll_set_add_fd use after free
CVE-2023-71663.5 LOWNovel-Plus HTTP POST Request updateUserInfo cross site scripting
CVE-2023-50559XiangShan 安全漏洞
CVE-2023-52240Kantega SAML SSO OIDC Kerberos 安全漏洞
CVE-2023-50071Customer Support System 安全漏洞
CVE-2023-50070Customer Support System 安全漏洞
CVE-2023-50069WireMock 安全漏洞
CVE-2023-50035PHPGurukul Small CRM 安全漏洞
CVE-2023-50572JLine 安全漏洞
CVE-2023-50571Easy Rules 安全漏洞
CVE-2023-50570IPAddress 安全漏洞
CVE-2023-31300Sesami Cash Point & Transport Optimizer 安全漏洞
CVE-2023-23634Documize 安全漏洞
CVE-2023-31302Sesami Cash Point & Transport Optimizer 安全漏洞
CVE-2023-31295Sesami Cash Point & Transport Optimizer 安全漏洞
CVE-2023-52174XnView Classic 安全漏洞
CVE-2023-52173XnView Classic 安全漏洞
CVE-2023-31299Sesami Cash Point & Transport Optimizer 安全漏洞
CVE-2023-31296Sesami Cash Point & Transport Optimizer 安全漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Novel-Plus
Same vendor: n/a
Same weakness: CWE-79

V. Comments for CVE-2023-7171

No comments yet

Leave a comment