CVE-2014-5243
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
MediaWiki anterior a 1.19.18, 1.20.x hasta 1.22.x anterior a 1.22.9, y 1.23.x anterior a 1.23.2 no aplica un mecanismo de protección IFRAME para páginas transcluidas, lo que facilita a atacantes remotos realizar ataques de clickjacking a través de un sitio web manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-08-14 CVE Reserved
- 2014-08-22 CVE Published
- 2024-04-03 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0309.html | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2014/08/14/5 | Mailing List | |
| http://secunia.com/advisories/59738 | Third Party Advisory | |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.wikimedia.org/show_bug.cgi?id=65778 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3011 | 2017-01-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:153 | 2017-01-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | <= 1.19.17 Search vendor "Mediawiki" for product "Mediawiki" and version " <= 1.19.17" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19" | beta_1 |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19" | beta_2 |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.0 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.0" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.1" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.2 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.3 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.3" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.4 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.4" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.5 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.5" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.6 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.6" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.7 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.7" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.8 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.8" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.9 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.9" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.10 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.10" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.11 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.11" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.12 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.12" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.13 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.13" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.14 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.14" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.15 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.15" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.19.16 Search vendor "Mediawiki" for product "Mediawiki" and version "1.19.16" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.1" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.2 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.3 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.3" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.4 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.4" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.5 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.5" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.6 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.6" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.7 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.7" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.20.8 Search vendor "Mediawiki" for product "Mediawiki" and version "1.20.8" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.1" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.2 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.3 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.3" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.4 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.4" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.5 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.5" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.6 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.6" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.7 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.7" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.8 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.8" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.9 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.9" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.21.10 Search vendor "Mediawiki" for product "Mediawiki" and version "1.21.10" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.0 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.0" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.1" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.2 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.3 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.3" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.4 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.4" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.5 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.5" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.6 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.6" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.7 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.7" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.22.8 Search vendor "Mediawiki" for product "Mediawiki" and version "1.22.8" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.23.0 Search vendor "Mediawiki" for product "Mediawiki" and version "1.23.0" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | 1.23.1 Search vendor "Mediawiki" for product "Mediawiki" and version "1.23.1" | - |
Affected
| ||||||