
Commit feb4007

1 parent 848fa78 commit feb4007


2 files changed

+62
-0
lines changed

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q82r-57vj-xrfh",
4+
"modified": "2025-11-29T06:30:13Z",
5+
"published": "2025-11-29T06:30:13Z",
6+
"aliases": [
7+
"CVE-2025-65892"
8+
],
9+
"details": "Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65892"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://krpano.com/docu/releasenotes/?version=1.23.3"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://krpano.com/forum/wbb/index.php?thread/20554-krpano-1-23-3d-gaussian-splatting-support/&postID=96997#post96997"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2025-11-29T04:15:57Z"
32+
}
33+
}
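Review bot: The `details` text says the flaw affects krpano "before version 1.23.2", but both WEB references in this record point at 1.23.3 (the release-notes URL with `version=1.23.3` and the 1.23.3 forum thread), so the fixed version is ambiguous as recorded and should be confirmed against the vendor notes before it is used as an upgrade target. `affected`, `severity` and `cwe_ids` are all empty here and in the second advisory file of this commit (GHSA-wq3v-qm63-hhj6), so tooling that matches on package ranges or severity will not flag either issue. Both descriptions are explicitly cross-site scripting, so `"cwe_ids": ["CWE-79"]` looks like the appropriate value once the entries are reviewed.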
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wq3v-qm63-hhj6",
4+
"modified": "2025-11-29T06:30:13Z",
5+
"published": "2025-11-29T06:30:13Z",
6+
"aliases": [
7+
"CVE-2025-65540"
8+
],
9+
"details": "Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65540"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://github.com/Exrick/xmall/issues/101"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-11-29T04:15:56Z"
28+
}
29+
}
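Review bot: `details` names the affected inputs only by example ("such as username and description") and gives no fixed release, and the single WEB reference is an issue thread rather than a patch, so the record carries no remediation target. Until a fix is confirmed, deployments of xmall v1.1 should treat every user-supplied field that is rendered into HTML as in scope and rely on contextual output encoding, with a restrictive Content-Security-Policy as a second layer. A reference of type `FIX` should be added if a patch commit appears upstream.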
