2 matches found
CVE-2022-42985
The CVE-2022-42985 entry concerns the ScratchLogin extension for MediaWiki (versions up to 1.1 and earlier). The root issue is that verification failure messages are not escaped, which allows users with administrator privileges to perform cross-site scripting (XSS). Documented impact is XSS with ...
CVE-2020-15164
CVE-2020-15164 affects Scratch Login (MediaWiki extension). Before v1.1, an attacker could log into any account by using a username with leading, trailing, or repeated underscores, which MediaWiki trims as whitespace. Root cause: underscores are treated as whitespace and trimmed, enabling authent...