CVE-2026-24750

High CVSS: 7.6

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.

Vendor

Accellion

Product

Kiteworks

CWE

CWE-79

Yayın Tarihi

2026-03-25 16:16:20

Güncelleme

2026-03-27 19:23:26

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Kiteworks HIGH Accellion 2026

Referanslar

https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g

Benzer Kayıtlar

Medium

CVE-2026-29092

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway…

Medium

CVE-2026-23635

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of…

Medium

CVE-2026-23636

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form…

High

CVE-2026-23514

Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerabili…

Medium

CVE-2026-28270

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows upl…

Medium

CVE-2026-28271

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functional…