PT-2018-15458 · Hsweb · Hsweb

Published: 2018-12-30 · Updated: 2019-01-15 · CVE-2018-20594

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: hsweb version 3.0.4

Description: A reflected XSS issue was discovered due to the absence of type parameter checking in FlowableModelManagerController.java.

Recommendations: For hsweb version 3.0.4, update the FlowableModelManagerController.java to include type parameter checking to prevent XSS exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-20594
GHSA-QQV6-5W6P-3PGR

Affected Products

Hsweb