Vulnerability Details CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2023-1932
-
cpe:2.3:a:hibernate:hibernate-validator:-
-
cpe:2.3:a:redhat:codeready_studio:12.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
-
cpe:2.3:a:redhat:openstack_platform:13.0
-
cpe:2.3:a:redhat:single_sign-on:7.0