VYPR

ScratchSig

by MediaWiki

CVEs (1)

  • CVE-2020-15179HigSep 15, 2020
    risk 0.00cvss 8.0epss 0.01

    The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using tag inside tag, attackers with edit permission can execute scripts on visitors' browser. With MediaWiki JavaScript API, this can potentially lead to…