What the vulnerability does
01Description
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
CVSS base score
CVSS vector
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R
What the vulnerability does
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
Key dates
External resources