EPSS: 0.001 (Low), Percentile: 36.1%
Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim’s browser.
pannellum
Upgrade to version 2.5.6 or later.
github.com/advisories/GHSA-m52x-29pq-w3vv
github.com/mpetroff/pannellum
github.com/mpetroff/pannellum/commit/cc2f3d99953de59db908e0c6efd1c2c17f7c6914
github.com/mpetroff/pannellum/security/advisories/GHSA-m52x-29pq-w3vv
nvd.nist.gov/vuln/detail/CVE-2019-16763
www.npmjs.com/advisories/1418