CVE-2019-10219 MEDIUM

CVE-2019-10219

Vendor Hibernate
Product hibernate-validator
Weakness CWE-79 · XSS
Published November 8, 2019
Last update July 7, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Key dates

02Disclosure timeline

November 8, 2019 CVE published
July 7, 2025 Record updated