CVE-2025-70365

UNKNOWN View on NVD ↗

Description

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages.

References

http://kiamo.com
https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70365-Kiamo.md

Published: Apr 09, 2026 16:16 UTC Modified: Apr 09, 2026 16:16 UTC