CVE Daily

CVE-2025-53904

The Scratch Channel is a news website that is under development as of time of th...

Low CVSS 1.3

Overview

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.

CWE: CWE-79 Published: 2025-07-16T17:15:31.100
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 1.3 (LOW)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags