CVE-2023-1932
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 7, 2024
Updated: Nov 8, 2024
CWE ID 79
Summary
CVE-2023-1932 is a vulnerability in the 'isValid' method of hibernate-validator's SafeHtmlValidator class. Attackers can bypass the validation by omitting the tag ending in a less-than character, potentially leading to HTML injection and cross-site scripting (XSS) attacks. Browsers may render the resulting invalid HTML, so users should update their hibernate-validator packages to the latest version to mitigate this risk.
Affected Products
- Hibernate Validator
Affected Vendors
- Hibernate