pwn.college has a XSS on dojo pages

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

访问控制不恰当

DOJO 访问控制错误漏洞

DOJO是pwn.college开源的一款JavaScript工具箱。 DOJO存在访问控制错误漏洞，该漏洞源于在呈现自定义DOJO页面时缺少访问控制，导致用户能够创建存储型跨站脚本(XSS)漏洞。

N/A

N/A