Massive Spam Campaign Exploits XSS Vulnerability in Krpano Framework

A cross-site scripting (XSS) vulnerability in the Krpano framework, used to integrate 360° images and videos into web pages and create virtual tours and virtual reality (VR) experiences, has been exploited to conduct a massive spam campaign by manipulating search results. This flaw allowed the mass injection of advertisements through virtual panoramas. The campaign was reported by the site Una Al Día.