QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25117

Back to search

CVE-2026-25117

Published: Jan 29, 2026

Modified: Feb 2, 2026

PUBLISHED

Description

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as `http[:]//dojo[.]website`. This is a sandbox escape leading to arbitrary javascript execution as the dojo's origin. A challenge author can craft a page that executes any dangerous actions that the user could. Version e33da14449a5abcff507e554f66e2141d6683b0a patches the issue.

VendorProductVersions

pwncollege

dojo

affected
< e33da14449a5abcff507e554f66e2141d6683b0a

Weaknesses (CWE)

CWE-20
CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now