exploitDog

CVE-2025-1781

Опубликовано: 28 мар. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.

Ссылки

https://github.com/google/security-research/security/advisories/GHSA-745m-xmq6-g6x7
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:w3:css_validator:*:*:*:*:*:*:*:*

Версия до 20250226 (исключая)

EPSS

Процентиль: 47%

0.00243

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611

EPSS

Процентиль: 47%

0.00243

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611