XSS in The-scratch-channel The-scratch-channel.github.io
CVE-2025-53903
The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (24.4th percentile) — read the EPSS interpretation.
Affected products
- The-scratch-channel The-scratch-channel.github.io — versions < 90b39eb56b27b2bac29001abb1a3cac0964b8ddb
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)