{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55301", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-12T16:15:30.238Z", "datePublished": "2025-08-25T15:38:34.391Z", "dateUpdated": "2025-08-25T16:03:22.618Z"}, "containers": {"cna": {"title": "The Scratch Channel Allows Username Modification", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2"}, {"name": "https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77", "tags": ["x_refsource_MISC"], "url": "https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77"}, {"name": "https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1"}], "affected": [{"vendor": "The-Scratch-Channel", "product": "the-scratch-channel.github.io", "versions": [{"version": "= 1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-25T15:38:34.391Z"}, "descriptions": [{"lang": "en", "value": "The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1."}], "source": {"advisory": "GHSA-9q4f-4vjm-7gp2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T16:03:11.062852Z", "id": "CVE-2025-55301", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T16:03:22.618Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T16:03:11.062852Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T16:03:14.313Z"}}], "cna": {"title": "The Scratch Channel Allows Username Modification", "source": {"advisory": "GHSA-9q4f-4vjm-7gp2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "The-Scratch-Channel", "product": "the-scratch-channel.github.io", "versions": [{"status": "affected", "version": "= 1"}]}], "references": [{"url": "https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2", "name": "https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77", "name": "https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1", "name": "https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-25T15:38:34.391Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55301", "state": "PUBLISHED", "dateUpdated": "2025-08-25T16:03:22.618Z", "dateReserved": "2025-08-12T16:15:30.238Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-25T15:38:34.391Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1."}, {"lang": "es", "value": "El Scratch Channel es un sitio web de noticias. En la versi\u00f3n 1, es posible acceder a la aplicaci\u00f3n en las herramientas de desarrollo y hacer clic en el almacenamiento local para editar el nombre de usuario de la cuenta localmente. Este problema se ha corregido en la versi\u00f3n 1.1."}], "id": "CVE-2025-55301", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-25T16:15:31.390", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/The-Scratch-Channel/tsc-web-client/discussions/77"}, {"source": "security-advisories@github.com", "url": "https://github.com/The-Scratch-Channel/tsc-web-client/releases/tag/v1.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-9q4f-4vjm-7gp2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-08-25T22:08:11.588398+00:00", "updated": "2025-08-25T22:08:11.588481+00:00", "vendors": ["scratch_channel_project", "scratch_channel_project$PRODUCT$scratch_channel"]}