Description

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

Remediation

References

CVE-2014-5241

Related Vulnerabilities

IBM WebSEAL Other Vulnerability (CVE-2023-30998)

WordPress Plugin Ad Swapper Cross-Site Scripting (1.0.3)

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)

WordPress Plugin RSVPMaker SQL Injection (6.1.9)

WordPress Plugin BackUpWordPress Remote File Inclusion (0.4.2b)

Severity

Medium

Classification

CVE-2014-5241 CWE-352

Tags

Missing Update Known Vulnerabilities