Description
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)
Phusion Passenger Other Vulnerability (CVE-2014-1831)
WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)
Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461)
WordPress Plugin Campaign URL Builder Cross-Site Request Forgery (1.5.0)