W3 Security Vulnerabilities
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly h...
7.7AI Score
0.944EPSS
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
8.3AI Score
0.142EPSS
A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather ...
6.1CVSS
6AI Score
0.001EPSS
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, ...
7.8CVSS
7.6AI Score
0.001EPSS
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it ea...
3.7CVSS
4.4AI Score
0.002EPSS
A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be in...
6.1CVSS
6AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.001EPSS