PT-2009-3870 · Twiki · Twiki

Ashcrow +2 · Published 2009-04-30 · Updated 2017-08-17 · CVE-2009-1339

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TWiki versions prior to 4.3.1

Description

A cross-site request forgery issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages. This can be achieved by using a URL for a save script in the SRC attribute of an IMG element.

Recommendations

For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the save script to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2009-1339

Affected Products

Twiki