Cross-Site Request Forgery (CSRF)

org.apache.jspwiki:jspwiki-builder is vulnerable to cross-site request forgery (CSRF). A remote attacker is able to trigger an CSRF attack on UserPreferences.jsp via sending a specifically crafted request to modify the email associated with the victim’s account and then a reset password request from the login page.