Skip to main content

Pannellum

2 CVEs product

Monthly

CVE-2026-27210 npm MEDIUM PATCH This Month

Pannellum 2.5.0 through 2.5.6 allows arbitrary JavaScript execution through improperly sanitized hotspot configuration attributes in JSON files, enabling stored XSS attacks against users viewing panorama viewers with malicious configurations. An attacker can craft a malicious config file that executes code automatically upon page load without user interaction, potentially allowing page defacement or credential theft. A patch is available to address this vulnerability.

XSS Pannellum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2019-16763 npm MEDIUM PATCH This Month

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Pannellum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Pannellum 2.5.0 through 2.5.6 allows arbitrary JavaScript execution through improperly sanitized hotspot configuration attributes in JSON files, enabling stored XSS attacks against users viewing panorama viewers with malicious configurations. An attacker can craft a malicious config file that executes code automatically upon page load without user interaction, potentially allowing page defacement or credential theft. A patch is available to address this vulnerability.

XSS Pannellum
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Pannellum
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy