In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
CPE | Name | Operator | Version |
---|---|---|---|
css-validator | eq | cssval-1-alpha | |
css-validator | eq | cssval-20190320 | |
css-validator | eq | cssval-201801 |