FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- Clickjacking vulnerabilities

Affected packages
1.16 < mediawiki < 1.16.1
1.15 < mediawiki < 1.15.5_1

Details

VuXML ID e177c410-1943-11e0-9d1c-000c29ba66d2
Discovery 2011-01-04
Entry 2011-01-06

Clickjacking vulnerabilities:

Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in a iframe embedded in a malicious website. Using CSS, the submit button of the form on the targeit webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it.

[source]

References

URL https://bugzilla.wikimedia.org/show_bug.cgi?id=26561

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.