CNNVD-202512-4976 Information

CNNVD ID

CNNVD-202512-4976

Related CVE

CVE-2025-65442

• CNNVD Published: 2025-12-29

Description (Chinese)

novel是xxyopen开源的一个开源小说系统。 novel V3.5.0版本存在安全漏洞，该漏洞源于对用户可控数据验证和编码不足，可能导致执行任意JavaScript代码或泄露敏感信息。

Description (English)

Novel is an open-source novel system from xxyopen open source. There is a security loophole in version novel V3.5.0, which stems from inadequate validation and coding of user-controlled data, which may lead to the enforcement of any JavaScript code or the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

xxyopen

Published

2025-12-29

Last Modified

2026-02-24

References

https://github.com/201206030/novel https://github.com/201206030/novel-front-web https://github.com/zero-day348/DOM-based-Cross-Site-Scripting-XSS-Vulnerability-in-novel-V3.5.0-CWE-79-