Hsweb

hsweb

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Hsweb

hsweb

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-20595 1Hsweb 1Hsweb Nov 21, 2024 Dec 30, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user...Show more A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.Show less
CVE-2018-20594 1Hsweb 1Hsweb Nov 21, 2024 Dec 30, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-20595

1Hsweb

Nov 21, 2024

Dec 30, 2018

N/A· v4

8.8 HIGH· v3

6.8 MEDIUM· v2

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user...Show more

CVE-2018-20594

1Hsweb

Nov 21, 2024

Dec 30, 2018

N/A· v4

6.1 MEDIUM· v3

4.3 MEDIUM· v2

An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.