CVE-2012-4379

2017-10-19T17:29:00
ID CVE-2012-4379
Type cve
Reporter NVD
Modified 2017-10-31T18:08:51

Description

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.