Description
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/ZyWAC/CVE-Disclosures/blob/main/2025/720yun/CVE-2025-66880.md
Various Sources
https://www.720yun.com
Scores
CVSS v3
6.1
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026