CVE-2009-1434

Name of the Vulnerable Software and Affected Versions Foswiki versions prior to 1.0.5

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships. This can be achieved through a URL for a save or view script in the SRC attribute of an IMG element.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the save and view scripts to minimize the risk of exploitation.