CVE-2025-70365
Stored XSS in Kiamo Admin Interface Allows Script Injection
Publication date: 2026-04-09
Last updated on: 2026-05-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kiamo | kiamo | to 8.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70365 is a stored cross-site scripting (XSS) vulnerability found in Kiamo versions prior to 8.4. It occurs because the administrative interface improperly encodes user-supplied input, especially in fields like the "description" field. An authenticated administrative user can inject arbitrary JavaScript code into these fields.
When other users view the affected pages, the injected JavaScript executes in their browsers. This can lead to malicious actions such as stealing session cookies or other sensitive information.
How can this vulnerability impact me? :
This vulnerability allows an authenticated administrative user to inject and execute arbitrary JavaScript code in the browsers of users who view the affected pages. This can lead to serious security issues such as theft of session cookies, including the "kiamo_session" cookie which contains sensitive user information.
Such exploitation can result in unauthorized access to user accounts, data leakage, and potentially further compromise of the system or user data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the administrative interface of Kiamo versions prior to 8.4, specifically by checking user-supplied input fields such as the "description" field for injected JavaScript code.
Since the vulnerability requires an authenticated administrative user to inject code, detection involves reviewing inputs in the vulnerable fields for suspicious scripts.
There are no specific commands provided to detect this vulnerability automatically, but monitoring HTTP requests to the administrative interface and searching for suspicious JavaScript payloads in the "description" fields can help identify exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patch by upgrading Kiamo to version 8.4 or later, which properly encodes user inputs to prevent JavaScript execution.
Until the patch is applied, it is advised to restrict access to the administrative interfaces to trusted users only.
Additionally, monitor and validate inputs in vulnerable fields such as the "description" field to detect and prevent injection of malicious scripts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The stored cross-site scripting (XSS) vulnerability in Kiamo prior to version 8.4 allows an authenticated administrative user to inject arbitrary JavaScript code that executes in the browsers of users viewing affected pages. This can lead to actions such as cookie theft, including sensitive session information.
Such unauthorized access to sensitive user information and potential compromise of user sessions can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and breaches.
Until the vulnerability is patched, organizations using affected versions of Kiamo should restrict access to administrative interfaces and monitor inputs to mitigate risks and maintain compliance.