The-Scratch-Channel/tsc-web-client

The-Scratch-Channel/tsc-web-client

thescratchchannel.vercel.app

Releases4

Frequency5 days 10 hours

Last Release 10 months ago

Stars3

Website for The Scratch Channel - An unofficial site for Scratch News

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-59416 ↗	Sep 17, 2025Wednesday, 17 September 2025, 19:15	—	—
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2.
CVE-2025-57805 ↗	Aug 25, 2025Monday, 25 August 2025, 22:15	—	—
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2.
CVE-2025-55301 ↗	Aug 25, 2025Monday, 25 August 2025, 16:15	6.7 MEDIUM	—
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.