Vulnerabilities > Scratch Wiki > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-15179 | Unspecified vulnerability in Scratch-Wiki Scratchsig The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. | 9.0 |
| 2020-08-28 | CVE-2020-15164 | Injection vulnerability in Scratch-Wiki Scratch Login in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. | 10.0 |