Cross-site Scripting Vulnerability in Verge3D by Soft8Soft LLC
CVE-2025-22709
7.1HIGH
What is CVE-2025-22709?
A Cross-site Scripting (XSS) vulnerability exists in Verge3D by Soft8Soft LLC, which allows an attacker to inject malicious scripts into web pages. This reflected XSS issue can be exploited by sending specially crafted input to users, which can lead to unauthorized actions and data exposure. Affected versions include all pre-4.8.0 releases and 4.8.0, making it crucial for users to implement security measures to mitigate potential risks.
Affected Version(s)
Verge3D <= 4.8.0