N/A

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

N/A

N/A

Foswiki 会话劫持和跨站请求伪造漏洞

Foswiki 1.0.5之前版本存在跨站请求伪造漏洞。远程攻击者可以劫持任意用户的身份认证，以便发送用于修改页、更改许可或更改群成员的请求。比如利用一个IMG元素的SRC属性中的用于保存或查看脚本的一个URL。

N/A

N/A