Executive Summary

CVE-2025-70365 is a stored cross-site scripting (XSS) vulnerability found in Kiamo versions prior to 8.4. It occurs because the administrative interface improperly encodes user-supplied input, especially in fields like the "description" field. An authenticated administrative user can inject arbitrary JavaScript code into these fields.

When other users view the affected pages, the injected JavaScript executes in their browsers. This can lead to malicious actions such as stealing session cookies or other sensitive information.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated administrative user to inject and execute arbitrary JavaScript code in the browsers of users who view the affected pages. This can lead to serious security issues such as theft of session cookies, including the "kiamo_session" cookie which contains sensitive user information.

Such exploitation can result in unauthorized access to user accounts, data leakage, and potentially further compromise of the system or user data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by inspecting the administrative interface of Kiamo versions prior to 8.4, specifically by checking user-supplied input fields such as the "description" field for injected JavaScript code.

Since the vulnerability requires an authenticated administrative user to inject code, detection involves reviewing inputs in the vulnerable fields for suspicious scripts.

There are no specific commands provided to detect this vulnerability automatically, but monitoring HTTP requests to the administrative interface and searching for suspicious JavaScript payloads in the "description" fields can help identify exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include applying the official patch by upgrading Kiamo to version 8.4 or later, which properly encodes user inputs to prevent JavaScript execution.

Until the patch is applied, it is advised to restrict access to the administrative interfaces to trusted users only.

Additionally, monitor and validate inputs in vulnerable fields such as the "description" field to detect and prevent injection of malicious scripts.

Useful 0 Not Useful 0

Compliance Impact

The stored cross-site scripting (XSS) vulnerability in Kiamo prior to version 8.4 allows an authenticated administrative user to inject arbitrary JavaScript code that executes in the browsers of users viewing affected pages. This can lead to actions such as cookie theft, including sensitive session information.

Such unauthorized access to sensitive user information and potential compromise of user sessions can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and breaches.

Until the vulnerability is patched, organizations using affected versions of Kiamo should restrict access to administrative interfaces and monitor inputs to mitigate risks and maintain compliance.

Useful 0 Not Useful 0