Hustoj

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-24479 CRITICAL PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL RCE Path Traversal +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-23873 CRITICAL POC Act Now

HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets.

Linux PHP MySQL Hustoj
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-50938 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hustoj
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24479
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL +3
NVD GitHub
CVE-2026-23873
EPSS 0% CVSS 9.0
CRITICAL POC Act Now

HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets.

Linux PHP MySQL +1
NVD GitHub
CVE-2025-50938
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hustoj
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy