CVE-2014-5243
MediaWiki < 1.19.18, 1.20.x-1.22.x < 1.22.9, 1.23.x < 1.23.2 - Clickjacking via IFRAME Protection Bypass
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References (7)
Core References
Various Sources mailing-list
x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3011
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:153
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59738
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/08/14/5
Exploit, Patch x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=65778
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0309.html
Scores
EPSS: 0.0037
EPSS Percentile: 58.8%
Details
CWE: CWE-20
Status: published
Products (48)
mediawiki/mediawiki 1.19 (3 CPE variants)
mediawiki/mediawiki 1.19.0
mediawiki/mediawiki 1.19.1
mediawiki/mediawiki 1.19.2
mediawiki/mediawiki 1.19.3
mediawiki/mediawiki 1.19.4
mediawiki/mediawiki 1.19.5
mediawiki/mediawiki 1.19.6
mediawiki/mediawiki 1.19.7
mediawiki/mediawiki 1.19.8
... and 38 more
Published: Aug 22, 2014
Tracked Since: Feb 18, 2026