npm package
pannellum
pkg:npm/pannellum
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27210 | — | | | >= 2.5.0, < 2.5.7 | 2.5.7 | Feb 21, 2026 | Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affect |
| CVE-2019-16763 | Med | 4.8 | | >= 2.5.0, < 2.5.5 | 2.5.5 | Nov 22, 2019 | In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential |