CVE-2025-53903
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the-scratch-channel | the-scratch-channel | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Scratch Channel news website's /api/users.js file, which does not properly sanitize text box inputs. This flaw can allow cross-site scripting (XSS) attacks, where an attacker can inject malicious scripts into web pages viewed by other users.
How can this vulnerability impact me? :
This vulnerability can lead to cross-site scripting attacks, potentially allowing attackers to execute malicious scripts in users' browsers. This can result in theft of user data, session hijacking, or other malicious actions affecting users of the website.
What immediate steps should I take to mitigate this vulnerability?
Apply the fix from commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb which properly sanitizes text box inputs in the /api/users.js file to prevent cross-site scripting attacks.