JBoss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-1932 - Vulnerability Database

Medium
Reference: CVE-2023-1932
Title: JBoss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render the invalid HTML, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
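
The blind spot described above, with two defensive checks that do not depend on a tag being closed. This is an added example, not code from this page or from Hibernate Validator: the class and method names are hypothetical, and the complete-tag regex is a simplified stand-in that models the same gap, not the SafeHtmlValidator implementation. The sample strings are constructed.

```java
import java.util.List;
import java.util.regex.Pattern;

public class UnterminatedTagCheck {
    // Hypothetical stand-in: only recognises complete <...> elements.
    // NOT the SafeHtmlValidator code; it only models the same blind spot.
    private static final Pattern COMPLETE_TAG = Pattern.compile("<[^<>]*>");

    // Stricter: a '<' followed by a letter, '/', '!' or '?' starts markup,
    // whether or not a closing '>' ever arrives.
    private static final Pattern TAG_START = Pattern.compile("<[A-Za-z/!?]");

    static boolean passesCompleteTagCheck(String s) {
        return !COMPLETE_TAG.matcher(s).find();
    }

    static boolean passesTagStartCheck(String s) {
        return !TAG_START.matcher(s).find();
    }

    // Output encoding for an HTML text context: neutralises markup
    // regardless of what any input validator decided earlier.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: harmless text, a closed tag, an unterminated tag.
        List<String> samples = List.of("plain text, 2 < 3", "<img src=x>", "<img src=x ");
        for (String s : samples) {
            System.out.printf("%-22s complete-tag=%-5b tag-start=%-5b encoded=%s%n",
                "[" + s + "]", passesCompleteTagCheck(s),
                passesTagStartCheck(s), escapeHtml(s));
        }
    }
}
```

The unterminated sample passes the complete-tag check but is rejected by the tag-start check, and the encoded form is inert in either case, which is why output encoding at render time should not be replaced by input validation alone.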