CVE-2025-53904

EUVD-2025-21731
The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Common Weakness Enumeration
References
https://github.com/The-Scratch-Channel/the-scratch-channel.github.io/blob/main/api/admin.js#L18
https://github.com/The-Scratch-Channel/the-scratch-channel.github.io/security/advisories/GHSA-hgh4-pj74-f5rr