HIGH🇵🇱 Wersja polska

CVE-2026-24750

CVSS 7.6v3.1pub. 2026-03-25upd. 2026-03-27

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
  • Accellion Kiteworks

    APP
    Accellion
    < 9.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2026-24752HIGH8.2ten sam produkt

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks ...

CVE-2026-24782HIGH7.6ten sam produkt

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kit...

CVE-2026-24751HIGH8.2ten sam produkt

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks ...

CVE-2026-23514HIGH8.8ten sam produkt

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control v...

CVE-2026-28272HIGH8.1ten sam produkt

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protecti...