5.4
CVE-2026-24754
- EPSS 0.14%
- Veröffentlicht 01.06.2026 21:46:56
- Zuletzt bearbeitet 03.06.2026 15:28:15
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginKiteworks Secure Data Forms Vulnerable to Cross-site Scripting
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.033 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-gxvv-hwgc-w7gh