CVE-2021-46251
- EPSS 0.24%
- Published 15.02.2022 23:15:08
- Last modified 21.11.2024 06:33:49
A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2021-46249
- EPSS 0.15%
- Published 15.02.2022 23:15:07
- Last modified 21.11.2024 06:33:48
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.
- EPSS 0.43%
- Published 15.02.2022 23:15:07
- Last modified 21.11.2024 06:33:49
An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2.
CVE-2021-29437
- EPSS 0.27%
- Published 13.04.2021 20:15:22
- Last modified 21.11.2024 06:01:05
ScratchOAuth2 is an OAuth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratc...