CVSS 3.1 Score 5.4 of 10 (medium)


Published: Dec 29, 2023
Updated: Mar 21, 2024


CVE-2023-7166 is a cross-site scripting (XSS) vulnerability that affects Novel-Plus up to version 4.2.0. The attack can be initiated remotely by manipulating the "nickName" argument in the "/user/updateUserInfo" file of the HTTP POST Request Handler component. The vulnerability has been disclosed publicly and there is a known exploit available. To remediate this issue, apply the patch with identifier c62da9bb3a9b3603014d0edb436146512631100d. The danger of this vulnerability is that attackers can execute malicious scripts and potentially gain unauthorized access or steal sensitive information from affected organizations.
