2022-11-17 00:00:00
mitre
PUBLISHED
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).