
Cjreed121

#17625 of 53,630
15.3 Total CVSS
Vulnerabilities · 2
High
2
PT-2025-5592
7.6
2025-01-30
Unknown · Pwn.College · CVE-2025-24885
**Name of the Vulnerable Software and Affected Versions**
pwn.college (affected versions not specified)

**Description**
The issue is related to a lack of access control when generating custom Dojo pages without privileges, allowing users to create stored XSS. This affects the pwn.college platform, which is an education platform for learning and practicing core cybersecurity concepts in a hands-on manner.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2025-5593
7.7
2025-01-30
Unknown · Pwn.College · CVE-2025-24886
**Name of the Vulnerable Software and Affected Versions**
pwn.college (affected versions not specified)

**Description**
The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion (LFI) from the CTFd container without requiring admin privileges. When a user clones or updates repositories, a check is performed to see if the repository contains any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.