A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
{
"cna_assigner": "redhat",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1932.json"
}{
"cpe": "cpe:2.3:a:hibernate:hibernate-validator:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.2"
}
]
}