Vulnerabilities

CVE-2025-65892

by Fred · 29/11/2025

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim’s browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

More information : https://krpano.com/docu/releasenotes/?version=1.23.3

Similar

Tags: Cybersecurity Alert