Lucene search
K

8 matches found

Snyk
Snyk
added last week5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added last week6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
NVD
NVD
added last week4 views

CVE-2026-28737

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS0.00336EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-28737

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week20 views

CVE-2026-28737

CVE-2026-28737 affects Gitea 1.25.0 and later, with a stored XSS flaw in the built-in 3D file viewer (Online3DViewer). When a GLTF file’s extensionsRequired contains an unsupported entry, the viewer emits an error message which Gitea then inserts into the DOM via unsanitized innerHTML, enabling a...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea

Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.16 views

Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.7AI score0.00336EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References8
Rows per page
Query Builder