Maven package
org.hswebframework.web/hsweb-commons
pkg:maven/org.hswebframework.web/hsweb-commons
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20595 | — | | | <= 3.0.4 | — | Dec 30, 2018 | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. |
| CVE-2018-20594 | — | | | <= 3.0.4 | — | Dec 30, 2018 | An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. |