W3

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-1781 1W3 1Css Validator Aug 1, 2025 Mar 28, 2025 8.4 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary loca...Show more There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.Show less
CVE-2014-125108 1W3 1Spell Checker Nov 21, 2024 Dec 23, 2023 N/A· v4 6.1 MEDIUM· v3 2.6 LOW· v2 A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scriptin...Show more A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability.Show less
CVE-2023-30300 1W3 1Webassembly Jan 30, 2025 May 3, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVE-2021-4296 1W3 1Unicorn Nov 21, 2024 Dec 29, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulat...Show more A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.Show less
CVE-2016-9487 1W3 1Epubcheck Nov 21, 2024 Jul 13, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read...Show more EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.Show less
CVE-2017-5928 1W3 1High Resolution Time Api May 13, 2026 Feb 27, 2017 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla....Show more The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.Show less
CVE-2009-1209 1W3 1Amaya Apr 23, 2026 Apr 1, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
CVE-2009-0323 1W3 1Amaya Apr 23, 2026 Jan 28, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAt...Show more Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.Show less