6 matches found
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...
GHSA-8423-W5WX-H2R6 Pannellum has a XSS vulnerability in hot spot attributes
Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
Altair HyperView Player buffer error vulnerability
Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A buffer error vulnerability exists in Altair HyperView Player that originates from allowing memory locations outside of the expected boundaries of the buffer to be read or...
Altair HyperView Player security vulnerability
Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A security vulnerability exists in Altair HyperView Player that originates from uninitialized memory...
Siemens Syngo FastView buffer error vulnerability
Siemens Syngo FastView is a standalone viewer of Dicom 2 images provided on Dicom Exchange Media from Siemens, Germany. Siemens Syngo FastView is vulnerable to an out-of-bounds write vulnerability that stems from a lack of proper validation of user-supplied data when parsing DICOM files. An...