CVE-2023-7166 | Novel-Plus up to 4.2.0 HTTP POST Request /user/updateUserInfo nickName cross site scripting

Inserito da Angelo Barbosa | Dic 28, 2023 | CVE

A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2023-7166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2023-7166 | Novel-Plus up to 4.2.0 HTTP POST Request /user/updateUserInfo nickName cross site scripting

Post correlati

CVE-2024-20758 | Adobe Commerce up to 2.4.6-p4/2.4.5-p6/2.4.4-p7/2.4.7-beta3 input validation (apsb24-18)

CVE-2022-3556 | Cab Fare Calculator Plugin up to 1.1.6 on WordPress cross site scripting

CVE-2024-8154 | SourceCodester QR Code Bookmark System 1.0 Parameter update-bookmark.php tbl_bookmark_id/name/url cross site scripting

CVE-2023-38360 | IBM CICS TX Advanced 10.1 Web UI cross site scripting (XFDB-260769)