6 matches found
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hostin...
GHSA-8423-W5WX-H2R6 Pannellum has a XSS vulnerability in hot spot attributes
Impact: The hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files bypassing the...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...
Altair HyperView Player Security Vulnerability
Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A security vulnerability exists in Altair HyperView Player that originates from uninitialized memory...
Altair HyperView Player Buffer Error Vulnerability
Altair HyperView Player is a standalone 3D viewer from Altair Japan. It is used to share CAE models and simulation results. A buffer error vulnerability exists in Altair HyperView Player that originates from allowing memory locations outside of the expected boundaries of the buffer to be read or...
Siemens Syngo FastView Buffer Error Vulnerability
Siemens Syngo FastView is a standalone viewer of Dicom 2 images provided on Dicom Exchange Media from Siemens, Germany. Siemens Syngo FastView is vulnerable to an out-of-bounds write vulnerability that stems from a lack of proper validation of user-supplied data when parsing DICOM files. An...