Vulnerabilities > Jnoj
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-13 | CVE-2019-17538 | Path Traversal vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | 5.0 |
| 2019-10-13 | CVE-2019-17537 | Path Traversal vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | 6.4 |
| 2019-10-10 | CVE-2019-17493 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | 4.3 |
| 2019-10-10 | CVE-2019-17491 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | 4.3 |
| 2019-10-10 | CVE-2019-17490 | Unrestricted Upload of File with Dangerous Type vulnerability in Jnoj Jiangnan Online Judge 0.8.0 app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | 6.5 |
| 2019-10-10 | CVE-2019-17489 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | 4.3 |