CVE-2012-4379

Published: 2017-10-19T21:29Z

Last Modified: 2024-11-21T01:42Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt