The ScratchLogin extension up to and including 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scratch-wiki scratch login |