29 matches found
ScratchOAuth2 跨站脚本漏洞
Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of user-submitted...
ScratchOAuth2 安全漏洞
Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from a problem with authentication in ScratchOAuth2's SOA2Login::comment, allowing a...
ScratchOAuth2 授权问题漏洞
Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from a problem with the key authorization mechanism in the SpecificApps REST API,...
CVE-2021-29437
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...
CVE-2021-29437
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...
Code injection
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...
CVE-2021-29437 Account compromise by man-in-the-middle attack
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...
CVE-2021-29437
ScratchOAuth2 is an OAuth implementation for Scratch. A third party can read and modify data that a user could, by tricking the user into posting a ScratchOAuth2 login code, enabling the third party to complete login and gain full access to the user’s Scratch account. The attack proceeds via a us...
PT-2021-18213 · Unknown · Scratchoauth2
Name of the Vulnerable Software and Affected Versions: ScratchOAuth2 affected versions not specified Description: The issue allows a third-party site to access and modify a Scratch user's data by pretending to be the user and obtaining a login code from ScratchOAuth2. This is achieved through a...