anonhaven
Ad

CVE-2025-66880

MEDIUM CVSS 3.1: 6.1 EPSS 0.07%
Updated Mar 02, 2026
Parameter Value
CVSS 6.1 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS))
Public PoC No

Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 2

https://github.com/ZyWAC/CVE-Disclosures/blob/main/2025/720yun/CVE-2025-66880.md
cve@mitre.org
https://www.720yun.com
cve@mitre.org
Share Post Share Share Share