2 matches found
GHSA-7VVQ-7R29-5VG3 Cross site scripting in three.js
CVE has been withdrawn Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a users browser...
Cross site scripting in three.js
CVE has been withdrawn Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a users browser...