10 matches found
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
CVE-2026-27210 | Pannellum XSS has concrete details in the connected documents. Affected: Pannellum core viewer (versions 3.5.0 through 2.5.6) where the hot spot attributes configuration property could be set to any attribute, including HTML event handlers, enabling potential XSS when using untru...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
Cross-site Scripting (XSS)
Overview pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplying a malicious...
GHSA-8423-W5WX-H2R6 Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...