Approved changes feed: RSS · Atom

cpe:2.3:a:20120630:novel-plus:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor20120630 (27ded2f4-3ace-5da6-92de-1b43d82fe98b)
ProductNovel Plus (d1e49382-7a76-5636-9797-6dcb1aac7bef)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-4019 vulnerable 2026-06-08 07:29:15.260849 20120630 Novel-Plus GeneratorController.java genCode missing authentication
HIGH (7.3)
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T12:00:08.208Z
Updated: 2025-04-28T18:08:53.606Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4018 vulnerable 2026-06-08 07:29:15.260462 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
MEDIUM (5.3)
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T11:31:05.831Z
Updated: 2025-04-28T12:09:41.057Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4017 vulnerable 2026-06-08 07:29:15.259970 20120630 Novel-Plus LogController.java list improper authorization
MEDIUM (4.3)
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T11:00:08.223Z
Updated: 2025-04-28T12:09:30.135Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4016 vulnerable 2026-06-08 07:29:15.259266 20120630 Novel-Plus LogController.java deleteIndex improper authorization
MEDIUM (5.4)
A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T10:31:05.659Z
Updated: 2025-04-28T12:09:17.582Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4015 vulnerable 2026-06-08 07:29:15.257552 20120630 Novel-Plus SessionController.java list missing authentication
MEDIUM (5.3)
A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T10:00:09.386Z
Updated: 2025-04-28T12:10:46.391Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.