Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2025-1781
- EPSS 0.08%
- Veröffentlicht 28.03.2025 13:48:22
- Zuletzt bearbeitet 01.08.2025 17:54:11
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has acc...
5.4
CVE-2020-4070
- EPSS 0.34%
- Veröffentlicht 22.06.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:32:15
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
1