Approved changes feed: RSS · Atom

cpe:2.3:a:w3:css_validator:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorW3 (11b4484f-87c5-5c4d-9d38-333439abc844)
ProductCss Validator (9e998150-f1d3-564e-b21d-a07a2d0c33fb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/w3c/css-validator purl2cpe 2026-06-01 10:17:39.847388

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1781 vulnerable 2026-06-08 07:08:38.155052 Details available
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access to exception messages.
Published: 2025-03-28T13:48:22.127Z
Updated: 2025-03-28T14:31:48.212Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.