A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2023-7171. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.