Vulnerabilities and security researches forcanvasio3d-light canvasio3d-light

Jun 10, 2024

CVE, Research URL: CVE-2023-48776
Home page URL: Security reports for canvasio3D Light
Application: canvasio3D Light
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through <= 2.5.0.
Affected versions: max 2.4.6.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-34411
Home page URL: Security reports for canvasio3D Light
Application: canvasio3D Light
Date: May 14, 2024
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0.
Affected versions: max 2.5.0.
Status: vulnerable

CVE, Research URL: CVE-2023-45062
Home page URL: Security reports for canvasio3D Light
Application: canvasio3D Light
Date: Oct 18, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <= 2.4.6 versions.
Affected versions: max 2.4.6.
Status: vulnerable