Vulnerability Database

CVE-2014-5241

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.

  • Published: Aug 22, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-5241
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| mediawiki / mediawiki | 1.23.0 | 1.23.0.x |
| mediawiki / mediawiki | 1.22.8 | 1.22.8.x |
| mediawiki / mediawiki | 1.19 | 1.19.x |
| mediawiki / mediawiki | 1.19-beta_1 | 1.19-beta_1.x |
| mediawiki / mediawiki | 1.19.8 | 1.19.8.x |
| mediawiki / mediawiki | 1.20.5 | 1.20.5.x |
| mediawiki / mediawiki | 1.20.1 | 1.20.1.x |
| mediawiki / mediawiki | 1.22.6 | 1.22.6.x |
| mediawiki / mediawiki | 1.21.8 | 1.21.8.x |
| mediawiki / mediawiki | 1.22.0 | 1.22.0.x |
| mediawiki / mediawiki | 1.19.3 | 1.19.3.x |
| mediawiki / mediawiki | 1.19.15 | 1.19.15.x |
| mediawiki / mediawiki | 1.22.5 | 1.22.5.x |
| mediawiki / mediawiki | 1.19.1 | 1.19.1.x |
| mediawiki / mediawiki | 1.23.1 | 1.23.1.x |
| mediawiki / mediawiki | 1.21.5 | 1.21.5.x |
| mediawiki / mediawiki | 1.20.4 | 1.20.4.x |
| mediawiki / mediawiki | 1.20.2 | 1.20.2.x |
| mediawiki / mediawiki | 1.19.10 | 1.19.10.x |
| mediawiki / mediawiki | 1.21.6 | 1.21.6.x |
| mediawiki / mediawiki | 1.21.1 | 1.21.1.x |
| mediawiki / mediawiki | 1.22.7 | 1.22.7.x |
| mediawiki / mediawiki | 1.21.10 | 1.21.10.x |
| mediawiki / mediawiki | 1.21.7 | 1.21.7.x |
| mediawiki / mediawiki | 1.19.9 | 1.19.9.x |
| mediawiki / mediawiki | 1.19.6 | 1.19.6.x |
| mediawiki / mediawiki | 1.20.3 | 1.20.3.x |
| mediawiki / mediawiki | 1.19.16 | 1.19.16.x |
| mediawiki / mediawiki | 1.19-beta_2 | 1.19-beta_2.x |
| mediawiki / mediawiki | 1.20.6 | 1.20.6.x |
| mediawiki / mediawiki | 1.22.3 | 1.22.3.x |
| mediawiki / mediawiki | 1.19.11 | 1.19.11.x |
| mediawiki / mediawiki | 1.19.5 | 1.19.5.x |
| mediawiki / mediawiki | 1.22.2 | 1.22.2.x |
| mediawiki / mediawiki | 1.21.2 | 1.21.2.x |
| mediawiki / mediawiki | 1.19.13 | 1.19.13.x |
| mediawiki / mediawiki | 1.19.0 | 1.19.0.x |
| mediawiki / mediawiki | 1.20.8 | 1.20.8.x |
| mediawiki / mediawiki | 1.19.4 | 1.19.4.x |
| mediawiki / mediawiki | 1.21.9 | 1.21.9.x |
| mediawiki / mediawiki | 1.21.4 | 1.21.4.x |
| mediawiki / mediawiki | 1.19.12 | 1.19.12.x |
| mediawiki / mediawiki | 1.21.3 | 1.21.3.x |
| mediawiki / mediawiki | - | 1.19.17.x |
| mediawiki / mediawiki | 1.20.7 | 1.20.7.x |
| mediawiki / mediawiki | 1.19.14 | 1.19.14.x |
| mediawiki / mediawiki | 1.22.1 | 1.22.1.x |
| mediawiki / mediawiki | 1.22.4 | 1.22.4.x |
| mediawiki / mediawiki | 1.19.7 | 1.19.7.x |
| mediawiki / mediawiki | 1.19.2 | 1.19.2.x |