CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Krpano: >> Krpano >> 1.20.9 Security Vulnerabilities

CVE-2025-65892

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

CVSS Score

6.1

EPSS Score

0.0

Published

2025-11-29

Page 1

Vulnerabilities

Vulnerable Software

Krpano: >> Krpano >> 1.20.9 Security Vulnerabilities

Products

Pricing

Contact Us