PT-2019-15168 · Jnoj · Jiangnan Online Judge
Published: 2019-10-10 · Updated: 2019-10-11 · CVE-2019-17493
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jiangnan Online Judge (aka jnoj) version 0.8.0
Description
The issue concerns an XSS vulnerability. It can be exploited via the sample input parameter in specific API endpoints, such as "web/admin/problem/create" or "web/polygon/problem/update".
Recommendations
For version 0.8.0, as a temporary workaround, consider restricting access to the sample input parameter in the affected API endpoints until a patch is available. Avoid using the sample input parameter in the "web/admin/problem/create" and "web/polygon/problem/update" endpoints until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Jiangnan Online Judge