14 matches found
EUVD-2026-11534
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2026-3990
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2026-3990 CesiumGS CesiumJS standalone.html cross site scripting
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2026-3990
CesiumJS up to v1.137.0 is affected by CVE-2026-3990 due to a cross-site scripting flaw in a code path involving Apps/Sandcastle/standalone.html where an attacker can manipulate the argument c. The issue is exploitable remotely and an exploit has been released publicly; however, the CVE descripti...
CesiumGS CesiumJS 代码注入漏洞
CesiumGS CesiumJS is a JavaScript library created by CesiumGS Company in the United States, designed for creating and displaying three-dimensional Earth and geospatial data visualizations. Versions of CesiumGS CesiumJS 1.137.0 and earlier contained a code injection vulnerability. This vulnerabili...
PT-2026-24926
A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...
GHSA-4532-PMX7-9WW7 Cross-site Scripting in cesium
A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-48094
A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-48094
A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-48094
A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
Cross site scripting
A cross-site scripting XSS vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /containerfiles/publichtml/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of...
CVE-2023-48094
CVE-2023-48094 affects CesiumJS v1.111 and earlier, introducing a cross-site scripting (XSS) vulnerability exploitable by sending a crafted payload to /container_files/public_html/doc/index.html. The issue originates from how input is processed in that endpoint within CesiumJS, enabling arbitrary...
PT-2023-30696
Name of the Vulnerable Software and Affected Versions CesiumJS version 1.111 Description A cross-site scripting XSS vulnerability allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to "/container files/public html/doc/index.html". The...
CesiumJS Cross-Site Scripting Vulnerability
CesiumJS is a JavaScript library from Cesium for creating 3D globes and 2D maps in web browsers. A cross-site scripting vulnerability exists in CesiumJS v1.111 and earlier versions, which stems from a vulnerability that allows an attacker to execute arbitrary code in the victim's browser...