Description
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.
Remediation
References
https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f
https://github.com/hs-web/hsweb-framework/issues/107
Related Vulnerabilities
CVE-2019-10787 Vulnerability in npm package im-resize
CVE-2020-10672 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-36096 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-ui
CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces