CVE-2014-5243
EPSS 0.37%
Description
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
How to fix CVE-2014-5243
To remediate CVE-2014-5243, upgrade the affected package to a fixed version below.
- Debian/mediawiki—upgrade to 1:1.19.18+dfsg-0.1 or later
Is CVE-2014-5243 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.19.18+dfsg-0.1