A reflected cross-site scripting (XSS) vulnerability affects Kiteworks Secure Data Forms in versions prior to 9.3.0. The vulnerability allows external attackers to trick users into executing arbitrary JavaScript code. Kiteworks is a private data network (PDN) platform. The issue has been patched in version 9.3.0 and later. Organizations using affected versions should upgrade immediately to mitigate the risk.