CVE-2026-35455

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-35455

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-35455

Immich (self-hosted photo/video management) has a Stored XSS in the 360° panorama viewer prior to version 2.7.0. An authenticated user can upload an equirectangular image containing crafted text; OCR extracts it and the panorama viewer renders it via innerHTML without sanitization. This allows ar...

CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

EUVD-2026-20583

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

PT-2026-31431

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

immich 跨站脚本漏洞

immich is a high-performance, open-source, self-hosted solution for managing photos and videos. Versions of immich prior to 2.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting flaw within the 360-degree panorama viewer, which could...

EUVD-2020-17609

Malware in sbrugna...

EUVD-2020-17608

Malware in sbrugna...

CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...

VulnCheck KEV: CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugintest.url...

WordPress Panorama Viewer – 360 Degree Image + Video Viewer Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Panorama Viewer – 360 Degree Image + Video Viewer Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90a4b4196c3c Credits...

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin versions = 1.0.7. Solution Update the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin to the latest available version at leas...

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.0.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin versions = 1.0.7. Solution Update the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin to the latest available version at least 1.0.8...

Krpano Panorama Viewer Cross-Site Scripting Vulnerability (CNVD-2021-02617)

krpano Panorama Viewer is a software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer in...

Krpano Panorama Viewer Cross-Site Scripting Vulnerability

krpano Panorama Viewer is a software for viewing panorama files from the German company krpano. The software supports high-resolution images, interactive virtual roaming, custom-designed user interface, and other features. A cross-site scripting vulnerability exists in Krpano Panorama Viewer 1.20...

CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...

CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugintest.url...

CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...