| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-5243 | 4.3 |
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted we
|
07-01-2017 - 03:00 | 22-08-2014 - 17:55 | |
| CVE-2014-5241 | 6.8 |
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which al
|
07-01-2017 - 03:00 | 22-08-2014 - 17:55 | |
| CVE-2014-5242 | 4.3 |
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox cl
|
08-09-2015 - 17:55 | 22-08-2014 - 17:55 |