PT-2022-20522 · Unknown · Scratchtools

Garbomuffin

Published

2022-06-27

Updated

2022-07-07

CVE-2022-31094

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions ScratchTools versions prior to 2.5.2

Description The issue affects users of the Recently Viewed Projects feature, making them vulnerable to account takeover if they view a project that attempts to exploit this issue. The problem arises when a project with Javascript in its title is visited, and the Recently Viewed Projects feature displays it, potentially running the Javascript.

Recommendations For versions prior to 2.5.2, update to version 2.5.2 to resolve the issue. As a temporary workaround, consider avoiding the use of the Recently Viewed Projects feature until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-31094

GHSA-6R45-JJW6-Q39X

Affected Products

Scratchtools

PT-2022-20522 · Unknown · Scratchtools

CVE-2022-31094

Weakness Enumeration

Related Identifiers

Affected Products

References · 8