PT-2025-37757 · 3Dalloy · 3Dalloy
Somemwdev
·
Published
2025-09-15
·
Updated
2025-09-20
·
CVE-2025-59332
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
3DAlloy versions 1.0 through 1.8
Description
3DAlloy is a lightWeight 3D-viewer for MediaWiki. The
<3d> parser tag and the {{#3d}} parser function do not sanitize user-provided attributes, allowing arbitrary JavaScript to be inserted and executed when appended to the canvas HTML element.Recommendations
Update to a version of 3DAlloy newer than 1.8.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3Dalloy