Plr47

**Name of the Vulnerable Software and Affected Versions** HZNUOJ version 1.0 **Description** A cross-site scripting (XSS) issue was found in the `/cal scores.php` function of the OJ/admin-tool. This affects the ability to properly secure user input, potentially leading to malicious script execution. **Recommendations** For HZNUOJ version 1.0, consider disabling the `/cal scores.php` function until a patch is available to prevent potential exploitation. Restrict access to the OJ/admin-tool to minimize the risk of XSS attacks. Avoid using the `/cal scores.php` endpoint in the OJ/admin-tool until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.