An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-30
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-30