38 matches found
CVE-2025-23876
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in No-Nonsense WP krpano wp-krpano allows Stored XSS.This issue affects WP krpano: from n/a through = 1.2.1...
CVE-2025-65892
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
EUVD-2025-199902
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
CVE-2025-65892
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
CVE-2025-65892
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
CVE-2025-65892
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
krpano 安全漏洞
krpano is a VR media production and display software toolset from the Austrian company krpano. A security vulnerability exists in krpano versions prior to 1.23.2, which stems from improper handling of the passQueryParameters function and could lead to a reflective cross-site scripting attack...
PT-2025-48371
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
CVE-2025-65892
CVE-2025-65892 describes a reflected cross-site scripting (rXSS) in krpano before version 1.23.2. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the victim’s browser via a crafted URL to the passQueryParameters function with the xml parameter enable...
CVE-2025-65892
Reflected Cross-Site Scripting rXSS in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
EUVD-2020-17609
Malware in sbrugna...
EUVD-2020-17608
Malware in sbrugna...
EUVD-2025-3497
Malicious code in bioql PyPI...
CVE-2020-24900
The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...
Over 350 High-Profile Websites Hit by 360XSS Attack
360XSS campaign exploits Krpano XSS to hijack search results & distribute spam ads on 350+ sites, including government,…...
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
A cross-site scripting XSS vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report...
VulnCheck KEV: CVE-2020-24901
The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugintest.url...
CVE-2025-23876
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in No-Nonsense WP krpano wp-krpano allows Stored XSS.This issue affects WP krpano: from n/a through = 1.2.1...
CVE-2025-23876 WordPress WP krpano plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in No-Nonsense WP krpano wp-krpano allows Stored XSS.This issue affects WP krpano: from n/a through = 1.2.1...
WordPress WP krpano plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP krpano versions = 1.2.1...