CVE-2025-1781
28.03.2025, 14:15
There is a XXE in W3CSS Validator versions beforecssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.