CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mediawiki: >> Mediawiki >> 1.22.8 Security Vulnerabilities

CVE-2014-5242

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.

CVSS Score

4.3

EPSS Score

0.021

Published

2014-08-22

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVSS Score

4.3

EPSS Score

0.018

Published

2014-08-22

Page 25

Vulnerabilities

Vulnerable Software

Mediawiki: >> Mediawiki >> 1.22.8 Security Vulnerabilities

Products

Pricing

Contact Us