Vulnerabilities and security researches forverge3d verge3d

Jun 15, 2025

CVE, Research URL: CVE-2025-49268
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4.
Affected versions: max 4.9.5.
Status: vulnerable

May 24, 2025

CVE, Research URL: CVE-2025-48241
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: May 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.
Affected versions: max 4.9.3.
Status: vulnerable

Apr 19, 2025

CVE, Research URL: CVE-2025-39443
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Apr 17, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0.
Affected versions: max 4.9.3.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30833
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Mar 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.8.2.
Affected versions: max 4.8.3.
Status: vulnerable

Jan 19, 2025

CVE, Research URL: CVE-2025-22709
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Jan 21, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0.
Affected versions: max 4.8.1.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2023-51421
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Dec 29, 2023
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
Affected versions: max 4.5.3.
Status: vulnerable

CVE, Research URL: CVE-2023-51420
Home page URL: Security reports for Verge3D Publishing and E-Commerce
Application: Verge3D Publishing and E-Commerce
Date: Dec 29, 2023
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
Affected versions: max 4.5.3.
Status: vulnerable