Description
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2012-4322 | MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T20:35:09.330Z
Reserved: 2012-08-21T00:00:00.000Z
Link: CVE-2012-4379
No data.
Status : Modified
Published: 2017-10-19T21:29:00.187
Modified: 2026-06-16T23:44:54.440
Link: CVE-2012-4379
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-284
Improper Access Control
EUVD