A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2023-7166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.