XSS Vulnerability in Krpano Virtual Tour Software Exploited in Spam Campaign

A cross-site scripting (XSS) vulnerability in the Krpano virtual tour software allowed a malicious actor to redirect users to arbitrary domains. This flaw was exploited in a spam campaign targeting the websites of major organizations. Users were redirected to malicious sites, increasing the risk of their data being compromised. The vulnerability was used to abuse the trust users have in these reputable sites.