Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 2:30 a.m.13 views

CVE-2025-24885

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS6.6AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 11:15 p.m.23 views

CVE-2025-24886

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS0.00455EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/30 10:41 p.m.22 views

CVE-2025-24885 pwn.college has a XSS on dojo pages

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS0.00233EPSS
Exploits0References1
OSV
OSV
added 2025/01/30 10:41 p.m.6 views

CVE-2025-24885 pwn.college has a XSS on dojo pages

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS6.8AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/30 10:41 p.m.9 views

CVE-2025-24885 pwn.college has a XSS on dojo pages

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS7.5AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 10:41 p.m.54 views

CVE-2025-24885

CVE-2025-24885 concerns pwn.college and its Dojo pages. The reported vulnerability is a missing access control on rendering custom (unprivileged) Dojo pages, enabling stored XSS via the dojo content. The CVE entry documents a CVSS v3.1 base score of 7.6 (HIGH) with attack vector NETWORK, attack c...

7.6CVSS7.5AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/30 10:40 p.m.9 views

CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS7.6AI score0.00455EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 10:40 p.m.55 views

CVE-2025-24886

CVE-2025-24886 involves pwn.college’s Dojo tooling where incorrect symbolic link checks on user-specified dojos allow an LFI from the CTFd container without admin privileges. A malicious user can craft a repository containing symlinks to sensitive files and retrieve them via the CTFd website when...

7.7CVSS7.6AI score0.00455EPSS
Exploits0References1
Rows per page
Query Builder