PT-2020-17860 · W3C · Class-Validator

Intrigus-Lgtm

Published

2020-06-22

Updated

2020-06-30

CVE-2020-4070

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CSS Validator versions prior to commit e5c09a9

Description The issue is related to a cross-site scripting vulnerability in handling URIs. It can be triggered when a user clicks on a specifically crafted validator link.

Recommendations For versions prior to commit e5c09a9, update to a version that includes the patch from commit e5c09a9 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-4070

GHSA-WF36-7W73-RH8C

Affected Products

Class-Validator

PT-2020-17860 · W3C · Class-Validator

CVE-2020-4070

Weakness Enumeration

Related Identifiers

Affected Products

References · 4