A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.
{
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.4"
}
],
"cpe": "cpe:2.3:a:hsweb:hsweb:3.0.4:*:*:*:*:*:*:*",
"source": "CPE_FIELD"
}