An issue was discovered in hsweb 3.0.4. It is a reflected cross-site scripting (XSS) vulnerability caused by missing validation of the type parameter in FlowableModelManagerController.java. The signatures below target that file, including its export function.
{ "vanir_signatures": [ { "source": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", "signature_type": "Function", "digest": { "function_hash": "330821371800426035044893871693921782981", "length": 1508.0 }, "id": "CVE-2018-20594-e88b325a", "deprecated": false, "target": { "function": "export", "file": "hsweb-system/hsweb-system-workflow/hsweb-system-workflow-local/src/main/java/org/hswebframework/web/workflow/web/FlowableModelManagerController.java" }, "signature_version": "v1" }, { "source": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", "signature_type": "Line", "digest": { "line_hashes": [ "321101940929901580470088683253579957837", "223687118862696453719997964115234647042", "100240151606861336257525490367213531031", "169088637915067216465356796641753201309", "146523792934962046781913892361182365084", "230678560176156890520777322803602231084", "9204349770998208631385801478968425947", "312050906019184111747630104397411571637", "31375533270524067781986904493622061404", "159473933295287427374954569996753253353", "225645629777627464607270049198048472364", "126263383780048205335708332171863330373", "5397084159088645101994170031209648365", "77280318197645069146927658726795837876", "220940645746238963713445154093281530501", "314145868575389948677770028019046491256", "208576502974904614556311122710319312237", "237067152605920176311646458785810915233", "171880910741569752544037715034839712606", "210785831024274242979299063151357762884", "145147784337821147084617023512418677554", "33401296217162531517430729891318407711", "245449268235947188958707990174341307196", "16374298831890242273079966227755127939", "150954621391494518735175051763287436200", "209263451536591652496554082245796868742", "96477514868412486523581946149506669558", "255874103450267558022129816435968978041", "167178038154258433143800362339743354779", "311725425402189631802672114424817570356", 
"60099185724762323621735749973964933887", "157232774511648376817201888040670397234", "175943476824065479654762257966599331983", "115825471406810498542673020352128211156", "6031233599910205915159324149857908592", "178479188426986461378679388559245689150", "45899259208915881173213887588023856954", "322704121952287606677259209985808867906", "1971128215842358430221267393863791771", "282719596122821803196237780903552832365", "131931453240940839275468823453664297641", "311596740157876025656298916774241443831", "28960030446773921036378621828162338927", "301733294641874766303283835252415518522", "51230804981176231904283341875810991768", "64605789595086395567739652185407301826", "22911680981514068238765867278272151853", "288208420365944991509716128064400184429", "214897690319558447151484598712872384255", "201348173484992554863718478319073463046" ], "threshold": 0.9 }, "id": "CVE-2018-20594-f9dffdc4", "deprecated": false, "target": { "file": "hsweb-system/hsweb-system-workflow/hsweb-system-workflow-local/src/main/java/org/hswebframework/web/workflow/web/FlowableModelManagerController.java" }, "signature_version": "v1" } ] }