CVE-2013-5726

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tapbots:tweetbot:1.3.3:-:*:*:*:mac:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:ipad:*:*
cpe:2.3:a:tapbots:tweetbot:2.8.5:-:*:*:*:iphone:*:*

History

No history.

Information

Published : 2013-11-12 20:55

Updated : 2024-02-28 12:00


NVD link : CVE-2013-5726

Mitre link : CVE-2013-5726

CVE.ORG link : CVE-2013-5726


JSON object : View

Products Affected

tapbots

  • tweetbot
CWE
CWE-352

Cross-Site Request Forgery (CSRF)