CVE-2014-5243
Published: 22 August 2014
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Notes
Author | Note |
---|---|
seth-arnold | bug not visible on 2014-08-14 |
Priority
Status
Package | Release | Status |
---|---|---|
mediawiki Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(1.23.2)
|
|
cosmic |
Not vulnerable
(1.23.2)
|
|
disco |
Not vulnerable
(1.23.2)
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needed
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|