CVE-2020-4070

MEDIUM

CSS Validator <= 2020-01-19 - Cross-Site Scripting via URI Handling

Title source: llm
STIX 2.1

Description

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.

Scores

CVSS v3 4.6
EPSS 0.0055
EPSS Percentile 42.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
w3c/css_validator < 2020-01-19
Published Jun 22, 2020
Tracked Since Feb 18, 2026