CVE Tools

w3c

Unclassifiedunknown

5

Cumulative CVEs

5

Monthly snapshots

#92

Peak rank

Top products

Latest CVEs

The 13 most recently published vulnerabilities affecting w3c.

CVE-2025-1781There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploit...6.5Mar 28, 2025
CVE-2014-125108w3c online-spellchecker-py spellchecker cross site scripting3.1Dec 23, 2023
CVE-2021-4296w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting3.5Dec 29, 2022
CVE-2020-4070Cross-site Scripting in CSS Validator4.6Jun 22, 2020
CVE-2008-6005Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "...10.0Jan 28, 2009
CVE-2008-5282Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id at...10.0Nov 29, 2008
CVE-2006-1900Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in ...7.6Apr 20, 2006
CVE-2005-3183The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message th...4.3Oct 12, 2005
CVE-2004-2274Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.6.4Jul 19, 2005
CVE-2002-1053Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host follow...6.8Apr 2, 2003
CVE-2002-1445Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is ins...4.3Mar 18, 2003
CVE-2002-1052Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the s...5.0Aug 31, 2002
CVE-2000-0079The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.7.5Feb 4, 2000