Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2015/01/16 4:59 p.m.32 views

CVE-2014-9476

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."...

5CVSS7.3AI score0.02233EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2015/01/16 4:0 p.m.20 views

CVE-2014-9476

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."...

5CVSS8.7AI score0.02233EPSS
Exploits1
CVE
CVE
added 2015/01/16 4:0 p.m.63 views

CVE-2014-9476

CVE-2014-9476 affects MediaWiki, specifically versions: 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1. The vulnerability allows remote attackers to bypass CORS restrictions in the $wgCrossSiteAJAXdomains setting by using a domain that partial-matches an allowed origin (e.g.,...

5CVSS5.9AI score0.02233EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2015/01/16 4:0 p.m.26 views

CVE-2014-9476

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."...

6AI score0.02233EPSS
Exploits1References5
Rows per page
Query Builder