WEB APPLICATION VULNERABILITIES Standard & Premium

MediaWiki Improper Input Validation Vulnerability (CVE-2014-5243)

Description

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

Related Vulnerabilities

MediaWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-0537)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.4)

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)

Severity

Medium

Classification

CVE-2014-5243 CWE-20

Tags

Missing Update Known Vulnerabilities