CVE-2013-5726
Tweetbot - Cross-Site Request Forgery via tweetbot:///follow/ URL
Title source: llmDescription
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
References (3)
Core 3
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Nov/9
Exploit x_refsource_misc
http://blog.binaryfactory.ca/2013/11/cve-2013-5726-tweetbot-for-ios-and-mac-user-disclosureprivacy-issue/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/99256
Scores
EPSS
0.0106
EPSS Percentile
60.6%
Details
CWE
CWE-352
Status
published
Products (2)
tapbots/tweetbot
1.3.3
tapbots/tweetbot
2.8.5 (2 CPE variants)
Published
Nov 12, 2013
Tracked Since
Feb 18, 2026