MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2, does not send a restrictive X-Frame-Options HTTP header, which allows remote malicious users to conduct clickjacking attacks via an embedded API response in an IFRAME element.
Vulnerable Product |
---|
mediawiki mediawiki 1.19.1 |
mediawiki mediawiki 1.19.0 |
mediawiki mediawiki |