CVE-2026-24751
HIGHKiteworks < 9.3.0 - Reflected Cross-Site Scripting in Secure Data Forms
Title source: llmDescription
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-xp8m-wmmp-f947
Scores
CVSS v3
8.2
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
accellion/kiteworks
< 9.3.0
kiteworks/Secure Data Forms
< 9.3.0
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026