Reflected XSS Vulnerability in Kiteworks Secure Data Forms
CVE-2026-24751

8.2HIGH

Key Information:

Vendor

Kiteworks

Vendor
CVE Published:
1 June 2026

What is CVE-2026-24751?

Kiteworks Secure Data Forms prior to version 9.3.0 contain a reflected Cross-Site Scripting (XSS) vulnerability, which may permit an external attacker to execute malicious JavaScript code by tricking users into clicking on specially crafted links. This vulnerability underscores the importance of maintaining updated software versions to mitigate potential threats. Users should promptly upgrade to version 9.3.0 or higher to ensure protection against this issue.

Affected Version(s)

Secure Data Forms < 9.3.0

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.