exploitDog

GHSA-rmx9-w5vx-r35r

Опубликовано: 17 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

Ссылки

EPSS

Процентиль: 63%

0.00441

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-42985

CVSS3: 4.8

nvd

около 3 лет назад

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

EPSS

Процентиль: 63%

0.00441

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79