CVE-2025-1154

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Related Vulnerabilities

CVE-2016-2980

MEDIUM
CVSS:6.3(Medium)

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-For...

CWE-742016

CVE-2017-18389

MEDIUM
CVSS:6.3(Medium)

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

CWE-742017

CVE-2017-20196

MEDIUM
CVSS:6.3(Medium)

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argume...

CWE-742017

CVE-2018-25106

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy...

CWE-742018

CVE-2019-10792

MEDIUM
CVSS:6.3(Medium)

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019

CVE-2019-10793

MEDIUM
CVSS:6.3(Medium)

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019