CVE-2025-1781
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
GitHub