Loading market data...
← Back to CVE feed

CVE-2026-24754

MEDIUM CVSS 5.4 View on NVD ↗

Description

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Published: Jun 01, 2026 23:16 UTC Modified: Jun 02, 2026 13:55 UTC