383
VMScore

CVE-2012-4379

Published: 19/10/2017 Updated: 31/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote malicious users to conduct clickjacking attacks via an embedded API response in an IFRAME element.

Vulnerable Product Search on Vulmon Subscribe to Product

mediawiki mediawiki 1.19.1

mediawiki mediawiki 1.19.0

mediawiki mediawiki

Vendor Advisories

Debian Bug report logs - #686330 mediawiki: Multiple security issues CVE-2012-4377,CVE-2012-4378,CVE-2012-4379,CVE-2012-4380,CVE-2012-4381,CVE-2012-4382 Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff ...