Vulnerabilities > Scratch Wiki

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-42985 Cross-site Scripting vulnerability in Scratch-Wiki Scratch Login 1.1
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
network
low complexity
scratch-wiki CWE-79
4.8
2022-02-15 CVE-2021-46252 Cross-Site Request Forgery (CSRF) vulnerability in Scratch-Wiki Scratch Confirmaccount V3
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.
network
low complexity
scratch-wiki CWE-352
6.5
2020-09-15 CVE-2020-15179 Cross-site Scripting vulnerability in Scratch-Wiki Scratchsig
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting.
network
low complexity
scratch-wiki CWE-79
critical
9.0
2020-08-28 CVE-2020-15164 Injection vulnerability in Scratch-Wiki Scratch Login 1.1
In Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki.
network
low complexity
scratch-wiki CWE-74
critical
10.0