CVE-2025-1781 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request for…
High CVSS: 8.4

CVE-2025-1781

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access to exception messages.
Vendor
W3
Product
Css Validator
CWE
CWE-611
Yayın Tarihi
2025-03-28 14:15:19
Güncelleme
2025-08-01 17:54:11
Source Identifier
cve-coordination@google.com
KEV Date Added
-

Kategoriler

CWE-611 Css Validator HIGH W3 2025

Referanslar

https://github.com/google/security-research/security/advisories/GHSA-745m-xmq6-g6x7