Vulnerabilities > CVE-2020-4070 - Unspecified vulnerability in W3C CSS Validator
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b
- https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b
- https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c
- https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c