3 matches found
CVE-2022-42985
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting XSS...
CVE-2022-42985
creationtimestamp| type| source ---|---|--- 2022-11-17 15:52:42+00:00| seen| https://t.me/cibsecurity/53029 2025-04-25 21:08:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13546...
CVE-2022-42985
The CVE-2022-42985 entry concerns the ScratchLogin extension for MediaWiki (versions up to 1.1 and earlier). The root issue is that verification failure messages are not escaped, which allows users with administrator privileges to perform cross-site scripting (XSS). Documented impact is XSS with ...