26 matches found
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
CVE-2026-27210 | Pannellum XSS has concrete details in the connected documents. Affected: Pannellum core viewer (versions 3.5.0 through 2.5.6) where the hot spot attributes configuration property could be set to any attribute, including HTML event handlers, enabling potential XSS when using untru...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
Pannellum Cross-Site Scripting Vulnerability
Pannellum is a lightweight, open-source panorama viewer built by Matthew Petroff. Versions 3.5.0 to 2.5.6 of Pannellum contain cross-site scripting vulnerabilities. These vulnerabilities stem from the hot spot attribute configuration, which allows setting of any attribute, potentially leading to...
Cross-site Scripting (XSS)
Overview: pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplying a malicious...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...
GHSA-8423-W5WX-H2R6 Pannellum has a XSS vulnerability in hot spot attributes
Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
@hotosm/id (>=2.18.1 <=2.34.0), @janefeel/id (>=2.35.0-dev <=2.35.23) +6 more potentially affected by CVE-2026-27210 via pannellum (=2.5.6)
pannellum NPM version =2.5.6 is affected by a known vulnerability. The following packages have a transitive dependency on pannellum and may be impacted: - @hotosm/id =2.18.1, =2.35.0-dev, =2.35.25, =2.18.5, =2.1.0, =2.33.0, =2.33.3 Source cves: CVE-2026-27210 Source advisory:...
@hotosm/id (>=2.18.1 <=2.34.0), @janefeel/id (>=2.35.0-dev <=2.35.23) +6 more potentially affected by CVE-2026-27210 via pannellum (=2.5.6)
pannellum NPM version =2.5.6 is affected by a known vulnerability. The following packages have a transitive dependency on pannellum and may be impacted: - @hotosm/id =2.18.1, =2.35.0-dev, =2.35.25, =2.18.5, =2.1.0, =2.33.0, =2.33.3 Source cves: CVE-2026-27210 Source advisory: OSV:GHSA-8423-W5WX-H...
Pannellum has a XSS vulnerability in hot spot attributes
Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
PT-2026-21004
Name of the Vulnerable Software and Affected Versions: Pannellum versions 2.5.6 through 3.5.0. Description: Pannellum is a panorama viewer for the web. Versions 2.5.6 through 3.5.0 have a flaw where the hot spot attributes configuration property allows setting any attribute, including HTML event...
CVE-2019-16763
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...
Cross-Site Scripting
Overview: Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim's browser. Recommendation: Upgrade to version 2.5.6 or later. References: GitHub Security...
Cross-Site Scripting (XSS)
Pannellum is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser due to insufficient sanitization for data URLs such as vbscript:...
Pannellum Cross-Site Scripting Vulnerability
Pannellum is a lightweight open source web-based panoramic viewer. A cross-site scripting vulnerability exists in Pannellum versions 2.5.0 through 2.5.4. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability ...
CVE-2019-16763
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...