An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability caused by the `type` parameter not being checked in FlowableModelManagerController.java.
[
{
"digest": {
"length": 1508.0,
"function_hash": "330821371800426035044893871693921782981"
},
"source": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "hsweb-system/hsweb-system-workflow/hsweb-system-workflow-local/src/main/java/org/hswebframework/web/workflow/web/FlowableModelManagerController.java",
"function": "export"
},
"id": "CVE-2018-20594-e88b325a",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"321101940929901580470088683253579957837",
"223687118862696453719997964115234647042",
"100240151606861336257525490367213531031",
"169088637915067216465356796641753201309",
"146523792934962046781913892361182365084",
"230678560176156890520777322803602231084",
"9204349770998208631385801478968425947",
"312050906019184111747630104397411571637",
"31375533270524067781986904493622061404",
"159473933295287427374954569996753253353",
"225645629777627464607270049198048472364",
"126263383780048205335708332171863330373",
"5397084159088645101994170031209648365",
"77280318197645069146927658726795837876",
"220940645746238963713445154093281530501",
"314145868575389948677770028019046491256",
"208576502974904614556311122710319312237",
"237067152605920176311646458785810915233",
"171880910741569752544037715034839712606",
"210785831024274242979299063151357762884",
"145147784337821147084617023512418677554",
"33401296217162531517430729891318407711",
"245449268235947188958707990174341307196",
"16374298831890242273079966227755127939",
"150954621391494518735175051763287436200",
"209263451536591652496554082245796868742",
"96477514868412486523581946149506669558",
"255874103450267558022129816435968978041",
"167178038154258433143800362339743354779",
"311725425402189631802672114424817570356",
"60099185724762323621735749973964933887",
"157232774511648376817201888040670397234",
"175943476824065479654762257966599331983",
"115825471406810498542673020352128211156",
"6031233599910205915159324149857908592",
"178479188426986461378679388559245689150",
"45899259208915881173213887588023856954",
"322704121952287606677259209985808867906",
"1971128215842358430221267393863791771",
"282719596122821803196237780903552832365",
"131931453240940839275468823453664297641",
"311596740157876025656298916774241443831",
"28960030446773921036378621828162338927",
"301733294641874766303283835252415518522",
"51230804981176231904283341875810991768",
"64605789595086395567739652185407301826",
"22911680981514068238765867278272151853",
"288208420365944991509716128064400184429",
"214897690319558447151484598712872384255",
"201348173484992554863718478319073463046"
]
},
"source": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "hsweb-system/hsweb-system-workflow/hsweb-system-workflow-local/src/main/java/org/hswebframework/web/workflow/web/FlowableModelManagerController.java"
},
"id": "CVE-2018-20594-f9dffdc4",
"signature_type": "Line"
}
]