CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-46251

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0060%
EPSS Percentile13.27th
Published2022年2月15日
Last Modified2024年11月21日

Vulnerability Description

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-12

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/1603f04e44ef67dde6ccffe866d2dca16defb293
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/1603f04e44ef67dde6ccffe866d2dca16defb293

相關漏洞威脅

CVE-2021-4625010.0

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authe...

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462496.5

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504c...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...