28Ara
CVE-2023-7166 | Novel-Plus up to 4.2.0 HTTP POST Request /user/updateUserInfo nickName cross site scripting
A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-7166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.