CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

Published: Nov 7, 2024
Updated: May 4, 2025
CVE: CVE-2023-1932
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	7.0.0	7.0.0.x
redhat / single_sign-on	7.0	7.0.x
redhat / openstack_platform	13.0	13.0.x
redhat / codeready_studio	12.0	12.0.x
hibernate / hibernate-validator	-	6.2

https://access.redhat.com/security/cve/CVE-2023-1932
https://bugzilla.redhat.com/show_bug.cgi?id=1809444

Vulnerability Database

289,598

CVE-2023-1932