CVE-2025-55301
- Source
- https://cve.org/CVERecord?id=CVE-2025-55301
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55301.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-55301
- Aliases
-
- GHSA-9q4f-4vjm-7gp2
- Published
- 2025-08-25T15:38:34.391Z
- Modified
- 2026-04-02T12:55:04.383800Z
- Severity
-
- 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- The Scratch Channel Allows Username Modification
- Details
-
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55301.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20" ] }- References
-
- https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77
- https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55301.json
- https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2
- https://nvd.nist.gov/vuln/detail/CVE-2025-55301