CVE-2020-4070

Published: Jun 22, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

4.6

MEDIUM

Description

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.

Vendor	Product	Versions
World Wide Web Consortium (W3C)	CSS Validator	affected `<= 54d68a1`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c

x_refsource_CONFIRM

https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-4070

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References