CVE-2012-4379

2017-10-19T21:29:00
ID CVE-2012-4379
Type cve
Reporter cve@mitre.org
Modified 2017-10-31T22:08:00

Description

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.