Hi
The KRPano JS used on the site seems to be vulnerable to XSS execution.
URL to reproduce:
Browse:
https://www.360cities.net/?xml=https://files.catbox.moe/8u3vhd.xml
And wait till loaded
Current KRPano Version: krpano 1.20.11
Updating the krpano embedding script might fix the issue.
Hoping that you mitigate it sooner as
Cross-Site Scripting (XSS) risks include:
- Session Hijacking: Attackers steal session cookies, impersonating users and gaining unauthorized access.
- Credential Theft: XSS can steal login details, allowing attackers to take over accounts.
- Website Defacement: Attackers modify a website's appearance, damaging its reputation.
- Malicious Redirects: Users are redirected to phishing or malware sites.
- Data Theft: Sensitive data, like personal information or credit card details, can be stolen.
- Malware Distribution: XSS can inject malware onto users' devices.
- Privilege Escalation: Attackers may gain admin access to systems or sensitive areas.
- Denial of Service (DoS): XSS can cause browsers or servers to crash or slow down.
- Loss of Trust: Affected sites lose user trust, impacting reputation and business.
Regards
JesusSavedMe
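
Added example, not part of the report and not the site's or krpano's own code: one way the embedding page could vet the `xml` query parameter before any viewer sees it, so that only panorama XML hosted on an allowlisted origin is ever loaded. The function name `safePanoXml`, the allowlist contents and the `.xml` suffix rule are assumptions made for illustration.

```javascript
// Assumption: tour XML is only ever served from the site's own origin.
const ALLOWED_ORIGINS = new Set(["https://www.360cities.net"]);

// Returns the absolute URL of the XML file if it is acceptable, otherwise null.
// pageUrl is the full address of the embedding page, e.g. window.location.href.
function safePanoXml(pageUrl, allowedOrigins = ALLOWED_ORIGINS) {
  const page = new URL(pageUrl);
  const raw = page.searchParams.get("xml");
  if (raw === null || raw === "") return null; // no override requested

  let target;
  try {
    // Resolve against the page so relative and scheme-relative ("//host/...")
    // values are judged by where they actually point, not by how they look.
    target = new URL(raw, page);
  } catch {
    return null; // unparsable value
  }

  if (target.protocol !== "https:") return null;          // rejects data:, javascript:, http:
  if (target.username || target.password) return null;    // rejects user@host confusion
  if (!allowedOrigins.has(target.origin)) return null;     // exact origin match, no suffix tricks
  if (!target.pathname.toLowerCase().endsWith(".xml")) return null;
  return target.href;
}

// Constructed sample inputs (hosts under .invalid are placeholders).
const samples = [
  "https://www.360cities.net/?xml=/tours/lobby.xml",
  "https://www.360cities.net/?xml=https://files.example.invalid/tour.xml",
  "https://www.360cities.net/?xml=//files.example.invalid/tour.xml",
  "https://www.360cities.net/?xml=https://www.360cities.net.example.invalid/tour.xml",
];
for (const s of samples) {
  console.log(s, "->", safePanoXml(s));
}
```

The page would pass only the returned value to the viewer and fall back to its default tour when the result is `null`.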