Description

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

CVE-2014-5243

Related Vulnerabilities

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Oracle JRE CVE-2018-2678 Vulnerability (CVE-2018-2678)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)

Severity

Medium

Classification

CVE-2014-5243 CWE-20

Tags

Missing Update Known Vulnerabilities