CVE-2019-17491

Name of the Vulnerable Software and Affected Versions Jiangnan Online Judge (aka jnoj) version 0.8.0

Description The issue concerns a security problem where an attacker can execute malicious scripts. This is possible due to the lack of proper input validation in the Problem[description] parameter. The vulnerable API endpoints are "web/admin/problem/create" and "web/polygon/problem/update".

Recommendations For version 0.8.0, as a temporary workaround, consider restricting access to the Problem[description] parameter in the affected API endpoints until a patch is available. Avoid using the Problem[description] parameter in the "web/admin/problem/create" and "web/polygon/problem/update" endpoints until the issue is resolved.