CVE-2025-60299
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-10
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability | Percentile |
|---|---|
| | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xxyopen | novel-plus | 5.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60299 is a Stored Cross-Site Scripting (XSS) vulnerability in Novel-Plus version 5.2.0, specifically in the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript code via the replyContent parameter when replying to a book comment. This malicious script is stored in the backend database and later executed in the browsers of other users who view the affected comment thread, due to missing XSS filtering and lack of proper output encoding. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including session hijacking by stealing session cookies, account takeover or Cross-Site Request Forgery (CSRF)-like actions by executing privileged operations in the victim's session, data exfiltration and phishing through DOM scraping and redirection to attacker-controlled sites, and defacement or degradation of user experience by injecting arbitrary JavaScript or HTML. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending an authenticated POST request to the /book/addCommentReply endpoint with a payload containing a script tag in the replyContent parameter, such as `<script>alert('xss!')</script>`. If the payload is accepted and stored, and subsequently executes when viewing the comment thread, the system is vulnerable. For example, you can use curl to test this: `curl -X POST -d "replyContent=<script>alert('xss!')</script>" -b cookie.txt https://your-novel-plus-domain/book/addCommentReply` (where cookie.txt contains authentication cookies). Then, view the affected comment thread in a browser to see if the alert executes. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the application.yml configuration to add /book/addCommentReply to the xss.urlPatterns list, enabling the global XSS filter for this endpoint. Additionally, ensure that proper output encoding or HTML-escaping is applied when rendering the stored replyContent to prevent script execution in users' browsers. [1]
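The second mitigation above, output encoding at render time, is what makes an already-stored payload inert even if the input filter was missed. The following is an added illustration written for this page; it is not Novel-Plus code and does not use the project's classes. It assumes nothing about the application beyond a stored `replyContent` string that is later placed inside an HTML element. `escapeHtml` converts the characters that can break out of a text context into entities, `renderReply` shows the stored value being treated as data rather than markup, and `containsRawMarkup` is a hypothetical audit heuristic a defender could run over existing rows to find replies that reached the database unfiltered. The sample rows are constructed; the script-tag payload is the one quoted in the advisory text.

```java
import java.util.List;

/**
 * Added example (not Novel-Plus code): HTML output encoding for a stored reply
 * and a simple audit check for rows that still hold raw tag syntax.
 */
public final class ReplyRenderer {

    private ReplyRenderer() {}

    /** HTML-escape a string for insertion into element text or a quoted attribute. */
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Render one stored reply as the HTML fragment a comment thread page would emit. */
    public static String renderReply(String replyContent) {
        // The stored value is always escaped here, so a reply such as
        // "<script>alert('xss!')</script>" is displayed as literal text
        // instead of being parsed by the browser as a script element.
        return "<div class=\"reply\">" + escapeHtml(replyContent) + "</div>";
    }

    /**
     * Hypothetical audit heuristic: true if a stored value contains what looks
     * like an HTML start or end tag. This is not a full HTML parser; it only
     * flags rows worth a manual look after the input filter is enabled.
     */
    public static boolean containsRawMarkup(String stored) {
        return stored != null && stored.matches("(?s).*<\\s*/?\\s*[a-zA-Z].*");
    }

    public static void main(String[] args) {
        // Constructed sample rows standing in for the replyContent column.
        List<String> storedReplies = List.of(
            "Great chapter, can't wait for the next one",
            "<script>alert('xss!')</script>"
        );
        for (String reply : storedReplies) {
            System.out.println(renderReply(reply));
            System.out.println("  raw markup in stored row: " + containsRawMarkup(reply));
        }
    }
}
```

Escaping at output time and filtering at input time are complementary: the `xss.urlPatterns` entry stops new payloads from being stored, while output encoding protects readers from anything stored before the filter was enabled, which is exactly the rows the audit heuristic is meant to surface.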