CVE-2022-31094

ScratchTools (a web extension for Scratch) is affected by a cross-site scripting vulnerability in the Recently Viewed Projects feature. If a user views a project whose title contains JavaScript, the title rendering can execute injected code, potentially hijacking the user’s account. The issue is ...