hsweb-system-workflow-local is vulnerable to cross-site scripting (XSS). A lack of validation on the type
parameter in FlowableModelManagerController.java
allows a remote attacker to inject arbitrary Javascript into a victim’s browser to steal session token or perform unwanted actions on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
hsweb-system-workflow-local | le | 3.0.4 |