CVE-2026-24751
Description
Reflected XSS in Kiteworks Secure Data Forms allows attackers to trick users into executing JavaScript. Upgrade to 9.3.0+.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A reflected XSS vulnerability exists in the Kiteworks Secure Data Forms component prior to version 9.3.0. This component is no longer included in the product. The vulnerability allows an external attacker to trick a user into executing arbitrary JavaScript code [1].
Exploitation
An external attacker can trick a user into visiting a crafted URL. This would cause the user's browser to execute arbitrary JavaScript code within the context of the user's session [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript code in the context of a logged-in user. This could lead to session hijacking, data theft, or further malicious actions within the user's permitted scope.
Mitigation
Upgrade Kiteworks to version 9.3.0 or later. The affected feature has been removed entirely from the product [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <9.3.0
- Range: <9.3.0
Patches
No patches discovered yet.
References