CyberSec.Space Logo
Back to CVE Browser

CVE-2021-46251

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile13.27th
PublishedFeb 15, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-12

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/1603f04e44ef67dde6ccffe866d2dca16defb293
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/1603f04e44ef67dde6ccffe866d2dca16defb293

Related Vulnerabilities

CVE-2021-4625010.0

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authe...

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462496.5

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504c...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.