FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- Clickjacking vulnerabilities

Affected packages
1.16 < mediawiki < 1.16.1
1.15 < mediawiki < 1.15.5_1


VuXML ID e177c410-1943-11e0-9d1c-000c29ba66d2
Discovery 2011-01-04
Entry 2011-01-06

Clickjacking vulnerabilities:

Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in a iframe embedded in a malicious website. Using CSS, the submit button of the form on the targeit webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it.