Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-11-12 20:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-5726
Mitre link : CVE-2013-5726
CVE.ORG link : CVE-2013-5726
JSON object : View
Products Affected
tapbots
- tweetbot
CWE
CWE-352
Cross-Site Request Forgery (CSRF)