PT-2022-12620 · Unknown · Scratchoauth2
Apple502J · Published 2022-02-15 · Updated 2022-02-24 · CVE-2021-46251
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ScratchOAuth2 versions prior to commit 1603f04e44ef67dde6ccffe866d2dca16defb293
Description
A reflected cross-site scripting (XSS) issue in ScratchOAuth2 allows attackers to execute arbitrary web script or HTML in a victim's browser by getting the victim to submit a crafted POST request to a vulnerable endpoint, potentially allowing the execution of arbitrary code in the context of the site. The issue stems from how the ScratchOAuth2 system handles user input.
Recommendations
For versions prior to commit 1603f04e44ef67dde6ccffe866d2dca16defb293, update to a build that includes the fix for this issue. As a temporary workaround, consider restricting access to the ScratchOAuth2 system to minimize the risk of exploitation, or avoid using the system until the issue is resolved. At the moment, there is no information about a newer release that contains a fix for this vulnerability.
XSS
Affected Products
Scratchoauth2