hsweb-system-oauth2-client is vulnerable to cross-site request forgery (CSRF). The `state` value, which serves as an anti-CSRF token, is not validated or verified for authenticated requests within the session. This allows a remote attacker to execute unwanted actions in the context of the user when the victim is tricked into visiting a malicious web page.
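
A sketch of the missing check, added here as an illustration and not taken from hsweb: the client stores a random `state` in the user's session before the redirect and accepts the callback only if the returned value matches it, once. The class name, the attribute name, and the `Map` standing in for the HTTP session are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper, not hsweb code. The Map stands in for the
// attributes of the user's server-side HTTP session.
public class OAuth2StateGuard {
    private static final String ATTR = "oauth2.state"; // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();

    // Call before redirecting to the authorization server and send the
    // returned value as the "state" query parameter.
    public static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(ATTR, state);
        return state;
    }

    // Call in the callback handler before exchanging the code for a token.
    public static boolean verify(Map<String, Object> session, String returned) {
        // Remove first so the value is single-use even when the check fails.
        Object expected = session.remove(ATTR);
        if (!(expected instanceof String) || returned == null) {
            return false; // no flow started in this session, or state absent
        }
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sessions: one user who started a flow, one who did not.
        Map<String, Object> started = new HashMap<>();
        Map<String, Object> idle = new HashMap<>();
        String state = issue(started);
        System.out.println("matching state accepted: " + verify(started, state));
        System.out.println("replayed state accepted: " + verify(started, state));
        System.out.println("unsolicited callback accepted: " + verify(idle, state));
        issue(started);
        System.out.println("missing state accepted: " + verify(started, null));
    }
}
```

Only the first call in `main` should be accepted; a callback that arrives in a session that never started a flow, or that reuses a consumed value, is refused before any token exchange.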