CNNVD-202601-4850 Information

CNNVD ID

CNNVD-202601-4850

Related CVE

CVE-2026-25117

• CNNVD Published: 2026-01-29

Description (Chinese)

DOJO是pwn.college开源的一款JavaScript工具箱。 pwn.college DOJO存在跨站脚本漏洞，该漏洞源于缺少沙箱隔离，可能导致沙箱逃逸和任意JavaScript执行。

Description (English)

DOJO is a JavaScript toolbox from pwn.college. Pwn.college DOJO has a cross-site script loophole, which stems from the lack of sandbox isolation, which may lead to the escape of sandboxes and their arbitrary execution by JavaScript.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

pwn.college

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/pwncollege/dojo/security/advisories/GHSA-wvcf-9xm8-7mrg https://github.com/pwncollege/dojo/commit/e33da14449a5abcff507e554f66e2141d6683b0a https://access.redhat.com/security/cve/cve-2026-25117