CVE-2025-65892

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

29/11/2025

Last modified:

29/11/2025

Description

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim&#39;s browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

Impact

References to Advisories, Solutions, and Tools

https://krpano.com/docu/releasenotes/?version=1.23.3
https://krpano.com/forum/wbb/index.php?thread%2F20554-krpano-1-23-3d-gaussian-splatting-support%2F=&postID=96997#post96997