An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file
References
Link | Resource |
---|---|
https://gist.github.com/GSBP0/007355c5f6bd213264ae1c35c347e5cc | Exploit Third Party Advisory |
Configurations
History
24 Jun 2025, 15:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:* | |
First Time |
Xxyopen novel-plus
Xxyopen |
|
References | () https://gist.github.com/GSBP0/007355c5f6bd213264ae1c35c347e5cc - Exploit, Third Party Advisory |
05 Mar 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
Summary |
|
04 Mar 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-04 17:15
Updated : 2025-06-24 15:30
NVD link : CVE-2025-26182
Mitre link : CVE-2025-26182
CVE.ORG link : CVE-2025-26182
JSON object : View
Products Affected
xxyopen
- novel-plus
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')