Vikunja · Vikunja · CVE-2026-25935
**Name of the Vulnerable Software and Affected Versions**
Vikunja versions prior to 1.1.0
**Description**
Vikunja, a to-do app, contains a cross-site scripting (XSS) issue in the task preview mechanism. The `TaskGlanceTooltip.vue` component creates a temporary div and assigns the task description to its `innerHTML` without escaping it first. A malicious user can therefore create a task whose description contains crafted HTML, and that HTML runs as arbitrary JavaScript in the browser of any other user who hovers over the task. The vulnerable code is located at line 118 of `TaskGlanceTooltip.vue`. The issue can be triggered by updating a task description via the API with malicious HTML, sharing the project, and having another user view the task; the `innerHTML` property is set directly from the unescaped description, so no further interaction is needed.
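The following is an added illustration of the sink described above and of the escaping that prevents it. It is not Vikunja's code and not the project's fix; the function names, the `task-preview` class and the sample description are assumptions made for this example. Assigning a string to `innerHTML` in the browser has the same effect as the string concatenation in `renderPreviewUnsafe`, so the example can run under Node without a DOM.

```javascript
// Added example (not Vikunja's code): an innerHTML-style sink that
// interpolates a task description unchanged, beside an escaping variant.

// Characters that must be neutralised before untrusted text is placed in HTML.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five HTML metacharacters so the text can only ever be text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the description is spliced into markup as-is. In a
// browser this is exactly what `el.innerHTML = description` does.
function renderPreviewUnsafe(description) {
  return `<div class="task-preview">${description}</div>`;
}

// Hardened pattern: escape first. In a real component the equivalent is
// assigning to `textContent`, or running the string through an HTML
// sanitizer if a limited subset of markup must be preserved.
function renderPreviewSafe(description) {
  return `<div class="task-preview">${escapeHtml(description)}</div>`;
}

// Check used below: an event handler such as onerror= can only fire if it
// sits inside a tag, so a raw '<' followed by a tag-start character is the
// discriminator. Escaped text never contains one.
function containsTag(text) {
  return /<[a-z!/]/i.test(text);
}

// Constructed sample of the kind of description the advisory describes.
const CRAFTED_DESCRIPTION = '<img src=x onerror="alert(document.cookie)">';

// Run stand-alone: show both renderings for the crafted description.
console.log('unsafe :', renderPreviewUnsafe(CRAFTED_DESCRIPTION));
console.log('safe   :', renderPreviewSafe(CRAFTED_DESCRIPTION));
```

The escaped form renders literally as `<img src=x onerror="...">` in the tooltip instead of creating an element, which is the behaviour a preview of untrusted text should have. Where the application intentionally renders rich descriptions, escaping is not the right tool and a sanitizer allow-listing safe tags and attributes is needed instead.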
**Recommendations**
Versions prior to 1.1.0 should be updated to version 1.1.0 or later.