FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- cross site request forging

Affected packages
ikiwiki < 2.42

Details

VuXML ID 8d2c0ce1-08b6-11dd-94b4-0016d325a0ed
Discovery 2008-04-10
Entry 2008-04-13
Modified 2010-05-12

The ikiwiki development team reports:

Cross Site Request Forging could be used to construct a link that would change a logged-in user's password or other preferences if they clicked on the link. It could also be used to construct a link that would cause a wiki page to be modified by a logged-in user.

References

CVE Name CVE-2008-0165
URL http://ikiwiki.info/security/#index31h2