Ashcrow

**Name of the Vulnerable Software and Affected Versions** TWiki versions prior to 4.3.1 **Description** A cross-site request forgery issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages. This can be achieved by using a URL for a save script in the SRC attribute of an IMG element. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the save script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foswiki versions prior to 1.0.5 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships. This can be achieved through a URL for a save or view script in the SRC attribute of an IMG element. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the save and view scripts to minimize the risk of exploitation.