Is CVE-2019-10219 actively exploited?

CVE-2019-10219 has no public evidence of in-the-wild exploitation as of 2025-07-07.

What is the CVSS score for CVE-2019-10219?

CVE-2019-10219 has a CVSS score of 6.1 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

How do I patch CVE-2019-10219?

Patch guidance is available from redhat security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-10219.

CVE-2019-10219 - remediation guidance & executive summary

Q: Which products are affected by CVE-2019-10219?

422 products: redhat hibernate validator, redhat hibernate validator, redhat hibernate validator, redhat hibernate validator, redhat hibernate validator, and 417 more.

Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: REDHAT
Published: 11/8/2019
Last Modified: 7/7/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

redhat : hibernate_validatorredhat : hibernate_validatorredhat : hibernate_validatorredhat : hibernate_validatorredhat : hibernate_validatorredhat : hibernate_validatorredhat : hibernate_validatorredhat : fuseredhat : jboss_data_gridredhat : jboss_enterprise_application_platformredhat : openshift_application_runtimesredhat : single_sign-onredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformnetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : management_services_for_element_software_and_netapp_hcinetapp : snapcenter_plug-innetapp : elementoracle : access_manageroracle : access_manageroracle : access_manageroracle : agile_engineering_data_managementoracle : agile_plmoracle : agile_plmoracle : agile_product_lifecycle_analyticsoracle : agile_product_lifecycle_management_integration_packoracle : airlines_data_modeloracle : airlines_data_modeloracle : application_expressoracle : application_performance_managementoracle : application_performance_managementoracle : application_testing_suiteoracle : argus_analyticsoracle : argus_analyticsoracle : argus_analyticsoracle : argus_analyticsoracle : argus_insightoracle : argus_insightoracle : argus_insightoracle : argus_safetyoracle : argus_safetyoracle : argus_safetyoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_apisoracle : banking_deposits_and_lines_of_credit_servicingoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_digital_experienceoracle : banking_enterprise_default_managementoracle : banking_enterprise_default_managementoracle : banking_enterprise_default_managementoracle : banking_enterprise_default_managementoracle : banking_enterprise_default_managementoracle : banking_enterprise_default_managmentoracle : banking_loans_servicingoracle : banking_party_managementoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : banking_platformoracle : bi_publisheroracle : bi_publisheroracle : bi_publisheroracle : bi_publisheroracle : big_data_spatial_and_graphoracle : business_activity_monitoringoracle : business_intelligenceoracle : business_intelligenceoracle : business_intelligenceoracle : business_intelligenceoracle : business_process_management_suiteoracle : business_process_management_suiteoracle : clinicaloracle : clinicaloracle : commerce_guided_searchoracle : commerce_platformoracle : communications_application_session_controlleroracle : communications_billing_and_revenue_managementoracle : communications_billing_and_revenue_managementoracle : communications_billing_and_revenue_management_elastic_charging_engineoracle : communications_billing_and_revenue_management_elastic_charging_engineoracle : communications_calendar_serveroracle : communications_calendar_serveroracle : communications_cloud_native_core_automated_test_suiteoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_consoleoracle : communications_cloud_native_core_network_function_cloud_native_environmentoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_policyoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_service_communication_proxyoracle : communications_cloud_native_core_unified_data_repositoryoracle : communications_contacts_serveroracle : communications_converged_application_server_-_service_controlleroracle : communications_convergenceoracle : communications_convergent_charging_controlleroracle : communications_convergent_charging_controlleroracle : communications_data_modeloracle : communications_data_modeloracle : communications_data_modeloracle : communications_data_modeloracle : communications_data_modeloracle : communications_design_studiooracle : communications_design_studiooracle : communications_design_studiooracle : communications_design_studiooracle : communications_design_studiooracle : communications_diameter_signaling_routeoracle : communications_eagle_application_processororacle : communications_instant_messaging_serveroracle : communications_interactive_session_recorderoracle : communications_interactive_session_recorderoracle : communications_messaging_serveroracle : communications_metasolv_solutionoracle : communications_network_charging_and_controloracle : communications_network_charging_and_controloracle : communications_network_integrityoracle : communications_network_integrityoracle : communications_offline_mediation_controlleroracle : communications_operations_monitororacle : communications_operations_monitororacle : communications_operations_monitororacle : communications_operations_monitororacle : communications_operations_monitororacle : communications_pricing_design_centeroracle : communications_pricing_design_centeroracle : communications_service_brokeroracle : communications_services_gatekeeperoracle : communications_session_border_controlleroracle : communications_session_border_controlleroracle : communications_session_border_controlleroracle : communications_session_border_controlleroracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : communications_webrtc_session_controlleroracle : communications_webrtc_session_controlleroracle : data_integratororacle : data_integratororacle : database_serveroracle : database_serveroracle : database_serveroracle : database_serveroracle : demantra_demand_managementoracle : documakeroracle : e-business_suiteoracle : enterprise_communications_brokeroracle : enterprise_data_qualityoracle : enterprise_data_qualityoracle : enterprise_manager_base_platformoracle : enterprise_manager_base_platformoracle : enterprise_manager_ops_centeroracle : enterprise_session_border_controlleroracle : enterprise_session_border_controlleroracle : essbaseoracle : essbaseoracle : essbaseoracle : essbase_administration_servicesoracle : essbase_administration_servicesoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_behavior_detection_platformoracle : financial_services_behavior_detection_platformoracle : financial_services_behavior_detection_platformoracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_foreign_account_tax_compliance_act_managementoracle : financial_services_foreign_account_tax_compliance_act_managementoracle : financial_services_foreign_account_tax_compliance_act_managementoracle : financial_services_model_management_and_governanceoracle : financial_services_trade-based_anti_money_launderingoracle : financial_services_trade-based_anti_money_launderingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_private_bankingoracle : flexcube_private_bankingoracle : fusion_middlewareoracle : fusion_middlewareoracle : fusion_middleware_mapvieweroracle : goldengateoracle : goldengateoracle : goldengateoracle : goldengate_application_adaptersoracle : graalvmoracle : graalvmoracle : graph_server_and_clientoracle : health_sciences_clinical_development_analyticsoracle : health_sciences_inform_crf_submitoracle : health_sciences_information_manageroracle : health_sciences_information_manageroracle : healthcare_data_repositoryoracle : healthcare_data_repositoryoracle : healthcare_data_repositoryoracle : healthcare_foundationoracle : healthcare_foundationoracle : healthcare_foundationoracle : healthcare_foundationoracle : healthcare_translational_researchoracle : hospitality_cruise_shipboard_property_management_systemoracle : hospitality_opera_5_property_servicesoracle : hospitality_reporting_and_analyticsoracle : hospitality_suite8oracle : hospitality_suite8oracle : hospitality_suite8oracle : hospitality_suite8oracle : hospitality_suite8oracle : http_serveroracle : http_serveroracle : hyperion_financial_managementoracle : hyperion_financial_managementoracle : hyperion_ilearningoracle : hyperion_ilearningoracle : hyperion_infrastructure_technologyoracle : instantis_enterprisetrackoracle : instantis_enterprisetrackoracle : instantis_enterprisetrackoracle : insurance_data_gatewayoracle : insurance_data_gatewayoracle : insurance_data_gatewayoracle : insurance_data_gatewayoracle : insurance_data_gatewayoracle : insurance_insbridge_rating_and_underwritingoracle : insurance_insbridge_rating_and_underwritingoracle : insurance_policy_administrationoracle : insurance_policy_administrationoracle : insurance_policy_administrationoracle : insurance_policy_administrationoracle : insurance_policy_administrationoracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : java_seoracle : java_seoracle : java_seoracle : jd_edwards_enterpriseone_orchestratororacle : jdkoracle : managed_file_transferoracle : managed_file_transferoracle : mysql_clusteroracle : mysql_clusteroracle : mysql_clusteroracle : mysql_clusteroracle : mysql_connectorsoracle : mysql_connectorsoracle : mysql_serveroracle : mysql_serveroracle : mysql_serveroracle : mysql_workbenchoracle : nosql_databaseoracle : oss_support_toolsoracle : peoplesoft_enterprise_cs_sa_integration_packoracle : peoplesoft_enterprise_cs_sa_integration_packoracle : peoplesoft_enterprise_people_toolsoracle : peoplesoft_enterprise_people_toolsoracle : peoplesoft_enterprise_people_toolsoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : policy_automationoracle : policy_automationoracle : primavera_analyticsoracle : primavera_analyticsoracle : primavera_analyticsoracle : primavera_data_warehouseoracle : primavera_data_warehouseoracle : primavera_data_warehouseoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_professional_project_managementoracle : primavera_p6_professional_project_managementoracle : primavera_p6_professional_project_managementoracle : primavera_p6_professional_project_managementoracle : primavera_portfolio_managementoracle : primavera_portfolio_managementoracle : primavera_portfolio_managementoracle : primavera_portfolio_managementoracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : rapid_planningoracle : real-time_decision_serveroracle : real_user_experience_insightoracle : real_user_experience_insightoracle : rest_data_servicesoracle : retail_allocationoracle : retail_allocationoracle : retail_allocationoracle : retail_allocationoracle : retail_analyticsoracle : retail_assortment_planningoracle : retail_back_officeoracle : retail_central_officeoracle : retail_customer_insightsoracle : retail_customer_management_and_segmentation_foundationoracle : retail_eftlinkoracle : retail_eftlinkoracle : retail_eftlinkoracle : retail_eftlinkoracle : retail_eftlinkoracle : retail_extract_transform_and_loadoracle : retail_financial_integrationoracle : retail_financial_integrationoracle : retail_financial_integrationoracle : retail_financial_integrationoracle : retail_fiscal_managementoracle : retail_integration_busoracle : retail_integration_busoracle : retail_integration_busoracle : retail_integration_busoracle : retail_integration_busoracle : retail_integration_busoracle : retail_integration_busoracle : retail_invoice_matchingoracle : retail_invoice_matchingoracle : retail_merchandising_systemoracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_order_management_systemoracle : retail_point-of-saleoracle : retail_predictive_application_serveroracle : retail_predictive_application_serveroracle : retail_predictive_application_serveroracle : retail_predictive_application_serveroracle : retail_predictive_application_serveroracle : retail_predictive_application_serveroracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_returns_managementoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_service_backboneoracle : retail_size_profile_optimizationoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : sd-wan_awareoracle : sd-wan_edgeoracle : sd-wan_edgeoracle : secure_backuporacle : siebel_applicationsoracle : spatial_studiooracle : thesaurus_management_systemoracle : thesaurus_management_systemoracle : thesaurus_management_systemoracle : timesten_in-memory_databaseoracle : timesten_in-memory_databaseoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_testing_acceleratororacle : utilities_testing_acceleratororacle : utilities_testing_acceleratororacle : vm_virtualboxoracle : webcenter_portaloracle : webcenter_portaloracle : weblogic_serveroracle : weblogic_serveroracle : weblogic_serveroracle : weblogic_serveroracle : zfs_storage_appliance_kitoracle : zfs_storage_application_integration_engineering_softwareoracle : communications_messaging_serveroracle : solarisoracle : solarisoracle : fujitsu_m10-1_firmwareoracle : fujitsu_m10-4_firmwareoracle : fujitsu_m10-4s_firmwareoracle : fujitsu_m12-1_firmwareoracle : fujitsu_m12-2_firmwareoracle : fujitsu_m12-2s_firmware

Remediation Guidance

Executive Summary

View on NIST NVD