6 matches found
portofolio_DWForSec
DwF — Cybersecurity Portfolio A professional cybersecurity po...
GHSA-7VVQ-7R29-5VG3 Cross site scripting in three.js
CVE has been withdrawn Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a users browser...
Cross site scripting in three.js
CVE has been withdrawn Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a users browser...
Cross-site Scripting (XSS) - DOM in mrdoob/three.js
Description DOM-based XSS is a vulnerability in which the attacker can inject arbitrary javascript code in any DOM sink that supports dynamic code execution. In our case, source is window.location.hash and sink is iframe.src Proof of Concept 1 Visit...
CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
UBUNTU-CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...