First published: Tue Sep 07 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Twiki Twiki | =4.1.1 | |
Twiki Twiki | =4.0.1 | |
Twiki Twiki | =4.2.3 | |
Twiki Twiki | =4.2.4 | |
Twiki Twiki | =4.3.0 | |
Twiki Twiki | <=4.3.1 | |
Twiki Twiki | =4.0.3 | |
Twiki Twiki | =4.0.4 | |
Twiki Twiki | =4.2.1 | |
Twiki Twiki | =4.2.0 | |
Twiki Twiki | =4.0.0 | |
Twiki Twiki | =4.1.0 | |
Twiki Twiki | =4.2.2 | |
Twiki Twiki | =4.0.2 | |
Twiki Twiki | =4.0.5 | |
Twiki Twiki | =4.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.