CVE-2025-60299

Published: Oct 8, 2025

Modified: Oct 8, 2025

PUBLISHED

Description

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database and is executed in other users’ browsers when they view the affected comment thread.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/201206030/novel-plus

https://notes.sjtu.edu.cn/s/OtnFaGbI4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60299

Description

Affected Products

References