CVE-2009-4898

TWiki < 4.3.2 - Cross-Site Request Forgery via Form Submission

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/02/17
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/08/03/8

Scores

EPSS 0.0058
EPSS Percentile 43.5%

Details

CWE
CWE-352
Status published
Products (16)
twiki/twiki 4.0.0
twiki/twiki 4.0.1
twiki/twiki 4.0.2
twiki/twiki 4.0.3
twiki/twiki 4.0.4
twiki/twiki 4.0.5
twiki/twiki 4.1.0
twiki/twiki 4.1.1
twiki/twiki 4.1.2
twiki/twiki 4.2.0
... and 6 more
Published Sep 07, 2010
Tracked Since Feb 18, 2026