5.4
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Basic Information
ID
CVE-2026-24754
Source
GitHub_M
Published
Jun 1, 2026 at 21:46
Affected Product
Vendor
kiteworks
Product
security-advisories
Version
< 9.3.0
Affected Versions
kiteworks security-advisories < 9.3.0