EUVD-2019-7848

Malware in sbrugna...

CVE-2019-17490

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...

CVE-2019-17491

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...

CVE-2019-17493

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...

Design/Logic Flaw

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...

CVE-2019-17489

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...

CVE-2019-17491

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...

CVE-2019-17491

Jiangnan Online Judge (jnoj) 0.8.0 is affected by a stored/reflected XSS in the Problem[description] parameter used by web/admin/problem/create and web/polygon/problem/update. The root cause is insufficient validation/escaping of client-side data in the WEB application, allowing injection of scri...

CVE-2019-17493

CVE-2019-17493 affects Jiangnan Online Judge (jnoj) 0.8.0. It has a cross-site scripting (XSS) vulnerability triggered by the Problem[sample_input] parameter in web/admin/problem/create or web/polygon/problem/update. Root cause per CNVD entry is lack of proper validation of client-side data. Impa...