CVE-2009-1434

high

Description

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

References

https://launchpad.net/bugs/cve/2009-1434

https://exchange.xforce.ibmcloud.com/vulnerabilities/50256

http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk&forum_name=foswiki-announce

http://secunia.com/advisories/34863

http://osvdb.org/54148

http://foswiki.org/Support/SecurityAlert-CVE-2009-1434

Details

Source: Mitre, NVD

Published: 2009-04-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00192