top of page
perceptive_background_267k.jpg

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutraliza…

Published:

24 March 2026 at 23:00:00

Alert date:

25 March 2026 at 19:06:05

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

Kiteworks Secure Data Forms prior to version 9.2.1 contains a stored cross-site scripting (XSS) vulnerability. An authenticated attacker can exploit improper neutralization of input during web page generation when modifying forms. The vulnerability allows for stored XSS attacks through form modification functionality. Kiteworks is described as a private data network (PDN) platform. Users should upgrade to version 9.2.1 or later to receive the security patch. The vulnerability is tracked as CVE-2026-24750 and has been assigned a high criticality rating.

Technical details

Mitigation steps:

Affected products:

Kiteworks Secure Data Forms

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24750
https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page