← volver
CVE-2025-55301

The Scratch Channel Allows Username Modification

CVSS 6.7 MEDIUMEPSS 0.2%CWE-20
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Productos afectados
The-Scratch-Channel · the-scratch-channel.github.io

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2