HUSTOF
by HUSTOF
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50938 | Med | 0.40 | 6.1 | 0.00 | Aug 19, 2025 | Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. | ||
| CVE-2022-42187 | Med | 0.40 | 6.1 | 0.00 | Nov 17, 2022 | Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. | ||
| CVE-2026-24479 | 0.04 | — | 0.08 | Jan 27, 2026 | HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a… | |||
| CVE-2026-23873 | 0.00 | — | 0.01 | Jan 21, 2026 | hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application… |
- risk 0.40cvss 6.1epss 0.00
Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.
- risk 0.40cvss 6.1epss 0.00
Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.
- CVE-2026-24479Jan 27, 2026risk 0.04cvss —epss 0.08
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a…
- CVE-2026-23873Jan 21, 2026risk 0.00cvss —epss 0.01
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application…