18 matches found
EUVD-2019-0176
Malware in sbrugna...
EUVD-2001-0200
Malware in sbrugna...
EUVD-2019-0194
Malware in sbrugna...
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
GHSA-QQV6-5W6P-3PGR Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...
hsweb cross-site scripting vulnerability
hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. A cross-site scripting vulnerability...
hsweb cross-site request forgery vulnerability
hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. hsweb 3.0.4 version of the...
Cross site scripting
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
CVE-2018-20594
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
CVE-2018-20595
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...
CVE-2018-20594
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
CVE-2018-20594
CVE-2018-20594 affects hsweb 3.0.4, with a reflected XSS flaw caused by lack of type parameter checking in FlowableModelManagerController.java. Multiple sources (NVD entry, GHSA/OSV entries, CNVD/CNVD-like databases, and Veracode advisory) consistently describe a vulnerability where an attacker c...
CVE-2018-20594
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
CVE-2001-0200
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled...
CVE-2001-0200
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled...
CVE-2001-0200
HSWeb 2.0 HTTP server is affected by a path-disclosure vulnerability: remote attackers can obtain the server’s physical path by requesting the /cgi/ directory if directory browsing is enabled. This results in partial confidentiality impact. The available sources do not provide exploit details, af...
HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)
It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...