Naleksuh

**Name of the Vulnerable Software and Affected Versions** ScratchSig extension for MediaWiki versions prior to 1.0.1 **Description** The issue allows stored Cross-Site Scripting, enabling attackers with edit permission to execute scripts on visitors' browsers by using a <script> tag inside a <scratchsig> tag. This could potentially lead to privilege escalation and/or account takeover using the MediaWiki JavaScript API. **Recommendations** For ScratchSig extension for MediaWiki versions prior to 1.0.1, update to version 1.0.1 to resolve the issue. As a temporary workaround, consider disabling the ScratchSig extension completely until the patch is applied.