Описание
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
Ссылки
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatch
- PatchVendor Advisory
- Issue TrackingVendor Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatch
- PatchVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2