CNNVD-202509-1986 Information

CNNVD ID

CNNVD-202509-1986

Related CVE

CVE-2025-59332

• CNNVD Published: 2025-09-15

Description (Chinese)

3DAlloy是Maxim Martynov个人开发者的一个轻量级3D查看器。 3DAlloy 1.8及之前版本存在跨站脚本漏洞，该漏洞源于未清理canvas HTML元素的自定义属性，可能导致执行任意JavaScript代码。

Description (English)

3DAlloy is a lightweight 3D viewer for Maxim Martynov’s personal developer. 3DAlloy 1.8 and previous versions had a cross-site script loophole, which stemmed from the self-defined properties of uncleaned Canvas HTML elements and could lead to the implementation of any JavaScript code.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/dolfinus/3DAlloy/commit/9fac7936254886265ac89c8824c4816d009b7a1b https://github.com/dolfinus/3DAlloy/security/advisories/GHSA-f2rp-232x-mqrh

Patch

https://github.com/dolfinus/3DAlloy