PT-2025-1307 · Devdojo · Devdojo Voyager

Yaniv Nizry · Published 2025-01-30 · Updated 2025-02-06 · CVE-2024-55416

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.8.0 and earlier

Description: The issue allows reflected XSS via the "/admin/compass" API endpoint. By manipulating an authenticated user into clicking a crafted link, an attacker can execute arbitrary JavaScript code in that user's browser session.

Recommendations: DevDojo Voyager versions 1.8.0 and earlier: update to a version later than 1.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/compass" API endpoint until a patch is available.

Exploit · Fix

Path traversal · XSS · Relative Path Traversal


Weakness Enumeration

Related Identifiers

BDU:2025-00931
BDU:2025-00932
CVE-2024-55416
GHSA-MM49-4F2G-C3WF

Affected Products

Devdojo Voyager