Vulnerabilities > Jnoj

DATE CVE VULNERABILITY TITLE RISK
2019-10-13 CVE-2019-17538 Path Traversal vulnerability in Jnoj Jiangnan Online Judge 0.8.0
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
network
low complexity
jnoj CWE-22
7.5
7.5
2019-10-13 CVE-2019-17537 Path Traversal vulnerability in Jnoj Jiangnan Online Judge 0.8.0
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
network
low complexity
jnoj CWE-22
7.5
7.5
2019-10-10 CVE-2019-17493 Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
network
low complexity
jnoj CWE-79
6.1
6.1
2019-10-10 CVE-2019-17491 Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
network
low complexity
jnoj CWE-79
6.1
6.1
2019-10-10 CVE-2019-17490 Unrestricted Upload of File with Dangerous Type vulnerability in Jnoj Jiangnan Online Judge 0.8.0
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.
network
low complexity
jnoj CWE-434
8.8
8.8
2019-10-10 CVE-2019-17489 Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
network
low complexity
jnoj CWE-79
6.1
6.1