7.6
/ 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Description
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Basic Information
ID
CVE-2026-24750
Source
GitHub_M
Published
Mar 25, 2026 at 15:22
Modified
Mar 26, 2026 at 19:52
Affected Product
Vendor
kiteworks
Product
Secure Data Forms
Version
< 9.2.1
Affected Versions
kiteworks Secure Data Forms < 9.2.1