Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

The-Scratch-Channel

Source -

CNA

BOS Name -

N/A

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2025-57805
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-25 Aug, 2025 | 21:15
Updated-26 Aug, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2.

Action-Not Available
Vendor-The-Scratch-Channel
Product-tsc-web-client
CWE ID-CWE-20
Improper Input Validation
CVE-2025-55301
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.7||MEDIUM
EPSS-Not Assigned
Published-25 Aug, 2025 | 15:38
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Scratch Channel Allows Username Modification

The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.

Action-Not Available
Vendor-The-Scratch-Channel
Product-the-scratch-channel.github.io
CWE ID-CWE-20
Improper Input Validation
CVE-2025-53904
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-1.3||LOW
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 17:02
Updated-18 Jul, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.

Action-Not Available
Vendor-The-Scratch-Channel
Product-the-scratch-channel.github.io
CWE ID-CWE-692
Incomplete Denylist to Cross-Site Scripting
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53903
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-1.3||LOW
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 18:22
Updated-15 Jul, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue.

Action-Not Available
Vendor-The-Scratch-Channel
Product-the-scratch-channel.github.io
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')