CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20595

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2
https://github.com/hs-web/hsweb-framework/issues/107
https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2
https://github.com/hs-web/hsweb-framework/issues/107

Products affected by CVE-2018-20595

Hsweb » Hsweb » Version: 3.0.4

cpe:2.3:a:hsweb:hsweb:3.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20595

Products

Pricing

Contact Us