CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-36672

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.mesec.cn/archives/296
https://www.mesec.cn/archives/296

Products affected by CVE-2022-36672

Xxyopen » Novel-Plus » Version: 3.6.2

cpe:2.3:a:xxyopen:novel-plus:3.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-36672

Products

Pricing

Contact Us