CVE-2025-53904

Summary

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/admin.js contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.

Affected Software

VendorProductVersion RangeStatus
The-Scratch-Channelthe-scratch-channel.github.io<= b66a1cae45e05ad8971aecd96c3322520f8a5725affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-692: CWE-692: Incomplete Denylist to Cross-Site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References