Description
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability caused by the type parameter not being checked in FlowableModelManagerController.java.
Remediation
References
https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f
https://github.com/hs-web/hsweb-framework/issues/107