VYPR

Pannellum

by Mpretroff

npm: pannellum

Source repositories

CVEs (2)

  • CVE-2019-16763 · Med · Nov 22, 2019
    risk 0.24 · cvss 4.8 · epss 0.01

    In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible…

  • CVE-2026-27210 · Feb 21, 2026
    risk 0.00 · cvss · epss 0.00

    Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This…