Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution
Vulnerability Description
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as `http[:]//dojo[.]website`. This is a sandbox escape leading to arbitrary javascript execution as the dojo's origin. A challenge author can craft a page that executes any dangerous actions that the user could. Version e33da14449a5abcff507e554f66e2141d6683b0a patches the issue.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
DOJO 跨站脚本漏洞
Vulnerability Description
DOJO是pwn.college开源的一款JavaScript工具箱。 pwn.college DOJO存在跨站脚本漏洞,该漏洞源于缺少沙箱隔离,可能导致沙箱逃逸和任意JavaScript执行。
CVSS Information
N/A
Vulnerability Type
N/A