CVE-2025-53903

Low CVSS 1.3

Overview

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue.

CWE: CWE-79 Published: 2025-07-15T19:15:23.220

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 1.3 (LOW)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags