0.001 Low
EPSS
Percentile
36.1%
Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim’s browser.
pannellum
Upgrade to version 2.5.6 or later.