CVE-2009-4898

Name of the Vulnerable Software and Affected Versions TWiki versions prior to 4.3.2

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that update pages. This can be achieved through a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element.

Recommendations For TWiki versions prior to 4.3.2, update to version 4.3.2 or later to resolve the issue.