CVE-2026-24752
Description
Kiteworks Secure Data Forms versions prior to 9.3.0 are vulnerable to reflected XSS, allowing attackers to execute arbitrary JavaScript in user browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in Kiteworks Secure Data Forms prior to version 9.3.0. This vulnerability resides within the logging module of the product [1].
Exploitation
An external attacker can trick a user into clicking a crafted link or interacting with malicious content. This interaction would cause arbitrary JavaScript code to be executed within the context of the victim's browser session [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript code in the context of the victim user. This could lead to session hijacking, data theft, or further malicious actions within the affected user's session [1].
Mitigation
Kiteworks has released version 9.3.0, which addresses this vulnerability. Users are advised to upgrade to version 9.3.0 or later. The vulnerable part of the product has been removed [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <9.3.0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.