Low severityOSV Advisory· Published Jul 15, 2025· Updated Apr 15, 2026

CVE-2025-53903

Description

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue.

Affected products

The Scratch Channel/Tsc Web ClientOSV

Patches

90b39eb56b27

https://github.com/the-scratch-channel/tsc-web-clientvia osv

90b39eb56b27

https://github.com/The-Scratch-Channel/the-scratch-channel.github.iovia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/The-Scratch-Channel/the-scratch-channel.github.io/commit/90b39eb56b27b2bac29001abb1a3cac0964b8ddbnvd
github.com/The-Scratch-Channel/the-scratch-channel.github.io/security/advisories/GHSA-25wp-g9g6-7fr9nvd

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000