Description

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database and is executed in other users’ browsers when they view the affected comment thread.

INFO

Published Date :

2025-10-08T00:00:00.000Z

Last Modified :

2025-10-08T20:42:15.303Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60299 vulnerability.

Vendors Products
Novel-plus
  • Novel-plus
Xxyopen
  • Novel-plus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60299.

URL Resource
https://github.com/201206030/novel-plus cve-icon cve-icon
https://notes.sjtu.edu.cn/s/OtnFaGbI4 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact