Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TWiki跨站请求伪造漏洞
Vulnerability Description
TWiki是一套由Perl开发的开源的wiki程序。 Twiki 4.3.2之前的版本中存在跨站请求伪造漏洞。远程攻击者可以借助结合BODY元素的onload属性中提交函数的响应,保存FORM元素中ACTION属性中的脚本URL,劫持任意用户认证,请求更新页面。
CVSS Information
N/A
Vulnerability Type
N/A