CVE-2020-15179 – The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scrip …

Vuln ID: CVE-2020-15179

Published:  2020-09-15  18:15:14Z

Description: The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visitors’ browser. With MediaWiki JavaScript API, this can potentially lead to privilege escalation and/or account takeover. This has been patched in release 1.0.1. This has already been deployed to all Scratch Wikis. No workarounds exist other than disabling the extension completely.

Source: NVD.NIST.GOV