Vulnerability Details : CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2009-1434
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1434
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2009-1434
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1434
Products affected by CVE-2009-1434
- cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*
- cpe:2.3:a:foswiki:foswiki:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:foswiki:foswiki:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:foswiki:foswiki:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:foswiki:foswiki:1.0.0:*:*:*:*:*:*:*