CVE Vulnerabilities

CVE-2025-65892

Published: Nov 29, 2025 | Modified: Nov 29, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Vulnerability-free packages from our partners

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-65892
CWE	https://cwe.mitre.org/data/definitions/.html

Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victims browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.

References

https://krpano.com/docu/releasenotes/?version=1.23.3
https://krpano.com/forum/wbb/index.php?thread/20554-krpano-1-23-3d-gaussian-splatting-support/\u0026postID=96997#post96997

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.