ScratchTools is a web extension to the STForScratch open source. Designed to make interaction with the Scratch programming language community (Scratching) easier, ScratchTools suffers from a cross-site scripting vulnerability that stems from the program’s lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
scratchstatus scratchtools >=2.4.0, | lt | 2.5.2 |