CVE-2009-4898
TWiki < 4.3.2 - Cross-Site Request Forgery via Form Submission
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/02/17
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/03/8
Various Sources x_refsource_confirm
http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix
Scores
EPSS
0.0058
EPSS Percentile
43.5%
Details
CWE
CWE-352
Status
published
Products (16)
twiki/twiki
4.0.0
twiki/twiki
4.0.1
twiki/twiki
4.0.2
twiki/twiki
4.0.3
twiki/twiki
4.0.4
twiki/twiki
4.0.5
twiki/twiki
4.1.0
twiki/twiki
4.1.1
twiki/twiki
4.1.2
twiki/twiki
4.2.0
... and 6 more
Published
Sep 07, 2010
Tracked Since
Feb 18, 2026