CVE-2019-10219
Description
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.674
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in Oracle 12.1.0.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle 12.1.0.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle 19c | Windows |
| Vulnerabilities CVE-2019-10219 are fixed in Hibernate-hibernate-validator 6.1.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Vulnerabilities CVE-2019-10219, CVE-2020-25644 are affected in Red Hat JBoss Data Grid 7.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.0.0 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 7.4.33 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 7.5.23 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 7.6.19 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 8.0.26 | Windows |
| Vulnerabilities CVE-2019-10219, CVE-2022-21393, CVE-2023-21893 are affected in Oracle 21c | Windows |
| Vulnerabilities CVE-2019-10219 are fixed in Hibernate-hibernate-validator 6.0.18 | Windows |
| Vulnerabilities CVE-2019-10219 are fixed in Hibernate-hibernate-validator for Linux 6.1.0 | Linux |
| Vulnerabilities CVE-2019-10219 are fixed in Hibernate-hibernate-validator for Linux 6.0.18 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234