Description
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.9.10)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2006-20001)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-69421)
XWikiplatform Missing Authorization Vulnerability (CVE-2024-55876)
WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)