cvedb.io
CVE-2026-24754
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2026-06-01T23:16:20.540 · Last modified 2026-06-17T10:23:32.510

Summary

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.

Affected products

accellion — kiteworks

Does this affect you?

Add your gear to cvedb and we'll alert you only when accellion ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.