A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NScratch Wiki Scratch Confirmaccount V3
APPScratch-Wiki< 2022-01-04
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2020-15164CRITICAL10.0ten sam vendor
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same us...
CVE-2020-15179HIGH8.0ten sam vendor
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script>...
CVE-2022-42985MEDIUM4.8ten sam vendor
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allo...