Medium severity5.4NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026
CVE-2026-24754
CVE-2026-24754
Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <9.3.0
Patches
Vulnerability mechanics
References
1News mentions
1- Kiteworks Secure Data Forms: Nine Vulnerabilities Disclosed in Single BatchVypr Intelligence · Jun 1, 2026