CVE-2025-65892

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions krpano versions prior to 1.23.2

Description A reflected Cross-Site Scripting (rXSS) issue exists in krpano. A remote, unauthenticated attacker can execute arbitrary JavaScript in a victim’s browser through a specially crafted URL. The issue involves the

passQueryParameters

function when the

xml

parameter is enabled. The

xml

parameter is a vulnerable parameter.

Recommendations Update to version 1.23.2 or later.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-65892

Affected Products

Krpano

CVE-2025-65892

Related Identifiers

Affected Products

References · 6