Cross-Site Scripting Vulnerability in Scratch Channel News Website
CVE-2025-53904

1.3LOW

Key Information:

Vendor: The-scratch-channel
Status: The-scratch-channel.github.io
Vendor: CVE Published:; 16 July 2025

🔔 Create The-scratch-channel Vulnerability Alert

What is CVE-2025-53904?

The Scratch Channel's news website contains a vulnerability in the /api/admin.js file, enabling potential cross-site scripting attacks. This flaw could allow attackers to inject malicious scripts into web pages viewed by users, compromising user data and session integrity. As of the current report, no patches are available, leaving the site exposed to such threats. Website administrators are urged to review their code and implement necessary security measures to mitigate this risk.

Affected Version(s)

the-scratch-channel.github.io <= b66a1cae45e05ad8971aecd96c3322520f8a5725

References

https://github.com/The-Scratch-Channel/the-scratch-channe...

x_refsource_CONFIRM

https://github.com/The-Scratch-Channel/the-scratch-channe...

x_refsource_MISC

CVSS V4

Score:

1.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jul 11, 2025