CVE-2021-46251

2022-02-1523:15:08

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

References

github.com/ScratchVerifier/ScratchOAuth2/commit/1603f04e44ef67dde6ccffe866d2dca16defb293