CVE-2025-53904 | The-Scratch-Channel up to b66a1cae45e05ad8971aecd96c3322520f8a5725 /api/admin.js cross site scripting (GHSA-hgh4-pj74-f5rr)

Inserito da Angelo Barbosa | Lug 16, 2025 | CVE

A vulnerability classified as problematic was found in The-Scratch-Channel up to b66a1cae45e05ad8971aecd96c3322520f8a5725. This vulnerability affects unknown code of the file /api/admin.js. The manipulation leads to cross site scripting.

This vulnerability was named CVE-2025-53904. The attack can be initiated remotely. There is no exploit available.

CVE-2025-53904 | The-Scratch-Channel up to b66a1cae45e05ad8971aecd96c3322520f8a5725 /api/admin.js cross site scripting (GHSA-hgh4-pj74-f5rr)

Post correlati

CVE-2024-29415 | ip Package up to 2.0.1/012.1.2.3/127.0.0.1/127.1 on Node.js server-side request forgery (ID 150)

CVE-2024-28109 | veraPDF-library up to 1.24.1 XSL Transform xml injection

CVE-2024-22142 | Cozmoslabs Profile Builder Pro Plugin up to 3.10.0 on WordPress cross site scripting

CVE-2024-24321 | D-Link DIR-816A2 1.10CNB05 sub_42DA54 wizardstep4_ssid_2 Privilege Escalation