3 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submi...
CVE-2009-1339
Cross-site request forgery CSRF vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
CVE-2009-1339
CVE-2009-1339 describes a CSRF vulnerability in TWiki prior to 4.3.1 where a remote authenticated user can hijack another user’s session for page-update requests (demonstrated via a URL in an IMG SRC attribute). Related entries note this was not fully fixed by prior patches, with CVE-2009-4898 ci...