216.73.217.24

CVE-2025-65892

· Published 29/11/2025 04:15 · Modified 23/12/2025 16:03

Labels: CVE-2025-65892 2025-11-29CVE-2025-65892CWE-79[email protected]

Essential information

Published
29/11/2025 04:15
Modified
23/12/2025 16:03
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
krpano / krpano cpe:2.3:a:krpano:krpano:*:*:*:*:*:*:*:*

References