Lucene search
K

29 matches found

CNNVD
CNNVD
added 2022/02/15 12:0 a.m.5 views

ScratchOAuth2 跨站脚本漏洞

Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of user-submitted...

6.1CVSS6.3AI score0.00562EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.3 views

ScratchOAuth2 安全漏洞

Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from a problem with authentication in ScratchOAuth2's SOA2Login::comment, allowing a...

10CVSS8.3AI score0.01052EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.5 views

ScratchOAuth2 授权问题漏洞

Kenny2github ScratchOAuth2 is a Kenny2github open source application. Verify that a Scratch account is authentic for authorization or identification purposes. ScratchOAuth2 has a security vulnerability that stems from a problem with the key authorization mechanism in the SpecificApps REST API,...

6.5CVSS6.5AI score0.00643EPSS
Exploits0References2
NVD
NVD
added 2021/04/13 8:15 p.m.12 views

CVE-2021-29437

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...

8CVSS0.00806EPSS
Exploits0References2
OSV
OSV
added 2021/04/13 8:15 p.m.11 views

CVE-2021-29437

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...

6.8CVSS6.9AI score0.00806EPSS
Exploits0References2
Prion
Prion
added 2021/04/13 8:15 p.m.12 views

Code injection

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...

4CVSS6.7AI score0.00806EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/13 6:25 p.m.17 views

CVE-2021-29437 Account compromise by man-in-the-middle attack

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be us...

8CVSS8AI score0.00806EPSS
Exploits0References2
CVE
CVE
added 2021/04/13 6:25 p.m.35 views

CVE-2021-29437

ScratchOAuth2 is an OAuth implementation for Scratch. A third party can read and modify data that a user could, by tricking the user into posting a ScratchOAuth2 login code, enabling the third party to complete login and gain full access to the user’s Scratch account. The attack proceeds via a us...

8CVSS6.9AI score0.00806EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.3 views

PT-2021-18213 · Unknown · Scratchoauth2

Name of the Vulnerable Software and Affected Versions: ScratchOAuth2 affected versions not specified Description: The issue allows a third-party site to access and modify a Scratch user's data by pretending to be the user and obtaining a login code from ScratchOAuth2. This is achieved through a...

8CVSS6.7AI score0.00806EPSS
Exploits0References4
Rows per page
Query Builder