CVE-2020-4070
MEDIUMCSS Validator <= 2020-01-19 - Cross-Site Scripting via URI Handling
Title source: llmDescription
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c
Scores
CVSS v3
4.6
EPSS
0.0055
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
w3c/css_validator
< 2020-01-19
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026