Aggregates CVE and security vulnerability intelligence across all krpano-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-65892 | Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled. | [email protected] | 6.1 | 0.20% | 2025-11-29 | 2025-12-23 |
| CVE-2020-24901 | The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url. | [email protected] | 6.1 | 1.01% | 2021-01-07 | 2025-04-03 |
| CVE-2020-24900 | The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml. | [email protected] | 6.1 | 0.86% | 2021-01-07 | 2024-11-21 |