PT-2019-15168 · Jnoj · Jiangnan Online Judge

Published

2019-10-10

Updated

2019-10-11

CVE-2019-17493

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jiangnan Online Judge (aka jnoj) version 0.8.0

Description The issue concerns an XSS vulnerability. It can be exploited via the sample input parameter in specific API endpoints, such as "web/admin/problem/create" or "web/polygon/problem/update".

Recommendations For version 0.8.0, as a temporary workaround, consider restricting access to the sample input parameter in the affected API endpoints until a patch is available. Avoid using the sample input parameter in the "web/admin/problem/create" and "web/polygon/problem/update" endpoints until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17493

Affected Products

Jiangnan Online Judge

PT-2019-15168 · Jnoj · Jiangnan Online Judge

CVE-2019-17493

Weakness Enumeration

Related Identifiers

Affected Products

References · 3