A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Advertisement
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Information
Published : 2019-11-08 07:15
Updated : 2022-09-12 06:51
NVD link : CVE-2019-10219
Mitre link : CVE-2019-10219
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Advertisement
Products Affected
oracle
- insurance_policy_administration_j2ee
- communications_cloud_native_core_security_edge_protection_proxy
- graalvm
- communications_data_model
- communications_network_charging_and_control
- retail_back_office
- banking_deposits_and_lines_of_credit_servicing
- retail_returns_management
- retail_central_office
- communications_cloud_native_core_network_repository_function
- peoplesoft_enterprise_cs_sa_integration_pack
- weblogic_server
- communications_contacts_server
- mysql_cluster
- communications_cloud_native_core_network_function_cloud_native_environment
- zfs_storage_appliance_kit
- documaker
- jd_edwards_enterpriseone_orchestrator
- retail_invoice_matching
- financial_services_enterprise_case_management
- enterprise_manager_base_platform
- database_server
- thesaurus_management_system
- fujitsu_m10-4s
- retail_size_profile_optimization
- communications_cloud_native_core_unified_data_repository
- enterprise_communications_broker
- insurance_insbridge_rating_and_underwriting
- retail_service_backbone
- banking_enterprise_default_managment
- financial_services_behavior_detection_platform
- health_sciences_inform_crf_submit
- nosql_database
- graph_server_and_client
- hyperion_ilearning
- retail_xstore_point_of_service
- retail_merchandising_system
- retail_customer_insights
- communications_service_broker
- webcenter_portal
- fujitsu_m12-2
- retail_customer_management_and_segmentation_foundation
- banking_enterprise_default_management
- zfs_storage_application_integration_engineering_software
- instantis_enterprisetrack
- sd-wan_edge
- communications_cloud_native_core_automated_test_suite
- fujitsu_m12-2_firmware
- mysql_workbench
- health_sciences_clinical_development_analytics
- flexcube_investor_servicing
- communications_billing_and_revenue_management_elastic_charging_engine
- retail_fiscal_management
- hyperion_infrastructure_technology
- vm_virtualbox
- managed_file_transfer
- financial_services_foreign_account_tax_compliance_act_management
- primavera_unifier
- communications_operations_monitor
- hyperion_financial_management
- retail_financial_integration
- enterprise_manager_ops_center
- essbase_administration_services
- fujitsu_m10-4s_firmware
- demantra_demand_management
- communications_unified_inventory_management
- retail_predictive_application_server
- communications_cloud_native_core_console
- communications_convergent_charging_controller
- hospitality_suite8
- commerce_platform
- rapid_planning
- hospitality_opera_5_property_services
- communications_interactive_session_recorder
- fusion_middleware_mapviewer
- java_se
- clinical
- hospitality_reporting_and_analytics
- airlines_data_model
- retail_extract_transform_and_load
- agile_product_lifecycle_analytics
- flexcube_private_banking
- rest_data_services
- goldengate_application_adapters
- access_manager
- retail_order_management_system
- sd-wan_aware
- fusion_middleware
- argus_safety
- primavera_analytics
- essbase
- e-business_suite
- mysql_connectors
- insurance_policy_administration
- data_integrator
- insurance_rules_palette
- communications_network_integrity
- argus_insight
- business_intelligence
- goldengate
- communications_cloud_native_core_policy
- peoplesoft_enterprise_people_tools
- spatial_studio
- application_performance_management
- primavera_p6_enterprise_project_portfolio_management
- retail_eftlink
- fujitsu_m10-1_firmware
- retail_order_broker
- primavera_portfolio_management
- application_express
- communications_session_border_controller
- healthcare_foundation
- jdk
- health_sciences_information_manager
- http_server
- application_testing_suite
- retail_price_management
- fujitsu_m10-4_firmware
- mysql_server
- policy_automation
- communications_design_studio
- communications_instant_messaging_server
- timesten_in-memory_database
- financial_services_model_management_and_governance
- insurance_data_gateway
- argus_analytics
- real_user_experience_insight
- communications_messaging_server
- communications_cloud_native_core_binding_support_function
- banking_loans_servicing
- utilities_testing_accelerator
- banking_platform
- communications_webrtc_session_controller
- hospitality_cruise_shipboard_property_management_system
- communications_calendar_server
- retail_point-of-sale
- enterprise_data_quality
- solaris
- banking_party_management
- banking_apis
- primavera_p6_professional_project_management
- fujitsu_m12-1_firmware
- business_activity_monitoring
- communications_eagle_application_processor
- banking_digital_experience
- communications_pricing_design_center
- retail_assortment_planning
- retail_integration_bus
- enterprise_session_border_controller
- fujitsu_m12-2s_firmware
- communications_offline_mediation_controller
- secure_backup
- peoplesoft_enterprise_peopletools
- communications_application_session_controller
- retail_allocation
- commerce_guided_search
- communications_cloud_native_core_service_communication_proxy
- financial_services_analytical_applications_infrastructure
- healthcare_data_repository
- primavera_data_warehouse
- retail_analytics
- communications_converged_application_server_-_service_controller
- bi_publisher
- agile_engineering_data_management
- communications_convergence
- communications_diameter_signaling_route
- financial_services_trade-based_anti_money_laundering
- business_process_management_suite
- fujitsu_m10-4
- agile_product_lifecycle_management_integration_pack
- utilities_framework
- siebel_applications
- agile_plm
- communications_metasolv_solution
- fujitsu_m12-1
- communications_services_gatekeeper
- fujitsu_m12-2s
- primavera_gateway
- big_data_spatial_and_graph
- real-time_decision_server
- communications_billing_and_revenue_management
- fujitsu_m10-1
- oss_support_tools
- healthcare_translational_research
netapp
- active_iq_unified_manager
- snapcenter_plug-in
- element
- management_services_for_element_software_and_netapp_hci
redhat
- fuse
- jboss_enterprise_application_platform
- single_sign-on
- hibernate_validator
- enterprise_linux
- openshift_application_runtimes
- jboss_data_grid