QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53903

Published: Jul 15, 2025

Modified: Jul 15, 2025

PUBLISHED

Description

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue.

Vendor	Product	Versions
The-Scratch-Channel	the-scratch-channel.github.io	affected `< 90b39eb56b27b2bac29001abb1a3cac0964b8ddb`

Weaknesses (CWE)

References

https://github.com/The-Scratch-Channel/the-scratch-channel.github.io/security/advisories/GHSA-25wp-g9g6-7fr9

x_refsource_CONFIRM

https://github.com/The-Scratch-Channel/the-scratch-channel.github.io/commit/90b39eb56b27b2bac29001abb1a3cac0964b8ddb

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.