Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Accellion |
|
| Kiteworks |
|
No data.
References
History
Wed, 03 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Accellion
Accellion kiteworks |
|
| CPEs | cpe:2.3:a:accellion:kiteworks:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Accellion
Accellion kiteworks |
Tue, 02 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 02 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Kiteworks
Kiteworks secure Data Forms |
|
| Vendors & Products |
Kiteworks
Kiteworks secure Data Forms |
Mon, 01 Jun 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | |
| Title | Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-01T21:46:56.301Z
Updated: 2026-06-02T15:45:48.778Z
Reserved: 2026-01-26T19:06:16.060Z
Link: CVE-2026-24754
Vulnrichment
Updated: 2026-06-02T15:09:16.501Z
NVD
Status : Analyzed
Published: 2026-06-01T23:16:20.540
Modified: 2026-06-03T15:28:15.543
Link: CVE-2026-24754
Redhat
No data.