Approved changes feed: RSS · Atom

cpe:2.3:a:w3c:css_validator:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorW3C (62e9f25e-7fc3-5790-8300-1ced91cdb7b8)
ProductCss Validator (767c31b7-5888-576c-bc25-763f3f00ea47)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/w3c/css-validator purl2cpe 2026-06-01 10:11:50.055593
pkg:maven/org.w3c.css/css-validator purl2cpe 2026-06-01 10:11:50.055595

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1781 vulnerable 2026-06-08 07:08:38.153947 Details available
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access to exception messages.
Published: 2025-03-28T13:48:22.127Z
Updated: 2025-03-28T14:31:48.212Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-4070 vulnerable 2026-06-08 05:25:58.807849 Cross-site Scripting in CSS Validator
MEDIUM (4.6)
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
Published: 2020-06-22T15:40:12.000Z
Updated: 2024-08-04T07:52:20.971Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.