Scratch-wiki Scratch_login
2 CVEs affecting Scratch-wiki Scratch_login. Latest disclosed: 2022-11-17. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-15164 | Critical | 10.0 | 2020-08-28 | in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated unders… |
CVE-2022-42985 | Medium | 4.8 | 2022-11-17 | The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform… |