Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-5243
HistoryAug 22, 2014 - 12:00 a.m.

CVE-2014-5243

2014-08-2200:00:00
ubuntu.com
ubuntu.com
18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

77.1%

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x
before 1.23.2 does not enforce an IFRAME protection mechanism for
transcluded pages, which makes it easier for remote attackers to conduct
clickjacking attacks via a crafted web site.

Notes

Author Note
seth-arnold bug not visible on 2014-08-14

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

77.1%