20 matches found
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210 Pannellum has a XSS vulnerability in hot spot attributes
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
CVE-2026-27210
CVE-2026-27210 | Pannellum XSS has concrete details in the connected documents. Affected: Pannellum core viewer (versions 3.5.0 through 2.5.6) where the hot spot attributes configuration property could be set to any attribute, including HTML event handlers, enabling potential XSS when using untru...
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
Pannellum 跨站脚本漏洞
Pannellum is a lightweight, open-source panorama viewer built by Matthew Petroff. Versions 3.5.0 to 2.5.6 of Pannellum contain cross-site scripting vulnerabilities. These vulnerabilities stem from the hot spot attribute configuration, which allows setting of any attribute, potentially leading to...
Cross-site Scripting (XSS)
Overview pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplying a malicious...
Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
GHSA-8423-W5WX-H2R6 Pannellum has a XSS vulnerability in hot spot attributes
Impact The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
CVE-2025-12342
Serdar Bayram Ghost Hot Spot contains a SQL injection flaw in the Login component, originating from an unknown function in /Auth.php. The issue affects versions up to 20251014 (PTSecurity notes later versions as 20251015+). Exploitation can be conducted remotely; multiple sources indicate the exp...
EUVD-2025-36389
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2025-12342 Serdar Bayram Ghost Hot Spot Login Auth.php sql injection
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2025-12342 Serdar Bayram Ghost Hot Spot Login Auth.php sql injection
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
Serdar Bayram Ghost Hot Spot SQL注入漏洞
Serdar Bayram Ghost Hot Spot is a Portal Authentication System software by Serdar Bayram Individual Developer. A SQL injection vulnerability exists in Serdar Bayram Ghost Hot Spot 20251014 and earlier versions, which stems from a SQL injection vulnerability in the component Login in the file...
Weak Password Vulnerability in Enterprise Portal Server Management System of Guangzhou Hotspot Software Technology Co.
The business scope of Guangzhou Hot Spot Software Technology Co., Ltd. includes: manufacturing of communication system equipment; information system integration services; and retailing of communication equipment. The enterprise-level Portal server management system of Guangzhou Hotspot Software...
Watcher v1.5.8 - Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availabili...
Watcher 1.4.1 - latest version download
"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...