Novel Plus
Approved changes feed: RSS · Atom
cpe:2.3:a:20120630:novel-plus:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 20120630 (27ded2f4-3ace-5da6-92de-1b43d82fe98b) |
|---|---|
| Product | Novel Plus (d1e49382-7a76-5636-9797-6dcb1aac7bef) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-4019 |
vulnerable | 2026-06-08 07:29:15.260849 |
20120630 Novel-Plus GeneratorController.java genCode missing authentication
HIGH (7.3)
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T12:00:08.208Z
Updated: 2025-04-28T18:08:53.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4018 |
vulnerable | 2026-06-08 07:29:15.260462 |
20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
MEDIUM (5.3)
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T11:31:05.831Z
Updated: 2025-04-28T12:09:41.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4017 |
vulnerable | 2026-06-08 07:29:15.259970 |
20120630 Novel-Plus LogController.java list improper authorization
MEDIUM (4.3)
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T11:00:08.223Z
Updated: 2025-04-28T12:09:30.135Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4016 |
vulnerable | 2026-06-08 07:29:15.259266 |
20120630 Novel-Plus LogController.java deleteIndex improper authorization
MEDIUM (5.4)
A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T10:31:05.659Z
Updated: 2025-04-28T12:09:17.582Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4015 |
vulnerable | 2026-06-08 07:29:15.257552 |
20120630 Novel-Plus SessionController.java list missing authentication
MEDIUM (5.3)
A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-04-28T10:00:09.386Z
Updated: 2025-04-28T12:10:46.391Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.