Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tapbots Tweetbot For iOS和Mac 跨站请求伪造漏洞
Vulnerability Description
Tweetbot是美国Tapbots公司的一套专为iPhone、iPod Touch、iPad和Mac设计的Twitter(社交网站)的第三方客户端。 Mac平台上的Tweetbot 1.3.3版本,iPad和iPhone平台上的Tweetbot 2.8.5版本中存在安全漏洞,该漏洞源于程序没有要求确认follow或favorite操作。远程攻击者可借助特制的URL利用该漏洞造成用户执行任意twitter操作。
CVSS Information
N/A
Vulnerability Type
N/A