MEDIUM🇵🇱 Wersja polska

CVE-2022-42985

CVSS 4.8v3.1pub. 2022-11-17upd. 2025-04-25

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
  • Scratch Wiki Scratch Login

    APP
    Scratch-Wiki
    ≤ 1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-15164CRITICAL10.0ten sam produkt

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same us...

CVE-2020-15179HIGH8.0ten sam vendor

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script>...

CVE-2021-46252MEDIUM6.5ten sam vendor

A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 al...