VYPR
Vendor

Krpano

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-65892MedNov 29, 2025
    risk 0.40cvss 6.1epss 0.00

    Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

  • CVE-2020-24901MedJan 7, 2021
    risk 0.40cvss 6.1epss 0.01

    The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url.

  • CVE-2020-24900MedJan 7, 2021
    risk 0.40cvss 6.1epss 0.01

    The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.