CVE-2026-24751
Status: Analyzed (Analysis Complete)
Reflected Cross-Site Scripting in Kiteworks Secure Data Forms

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-03
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-20
Affected Vendors & Products (1 associated CPE)
Vendor: accellion
Product: kiteworks
Version / Range: all versions before 9.3.0 (9.3.0 itself is not affected)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Compliance Impact

The reflected XSS vulnerability in Kiteworks Secure Data Forms prior to version 9.3.0 could allow an external attacker to execute arbitrary JavaScript code, leading to a high impact on confidentiality. This type of vulnerability can potentially expose sensitive user data or enable unauthorized actions, which may result in non-compliance with data protection regulations such as GDPR or HIPAA that require safeguarding personal and sensitive information.

By allowing attackers to compromise confidentiality, this vulnerability could lead to breaches of protected data, thereby violating regulatory requirements for data security and privacy. Organizations using affected versions of Kiteworks may face increased risk of regulatory penalties if the vulnerability is exploited and not remediated.

Upgrading to Kiteworks version 9.3.0 or later is necessary to remediate the issue and help maintain compliance with these standards.

Detection Guidance

The vulnerability is a reflected Cross-site Scripting (XSS) issue in Kiteworks Secure Data Forms prior to version 9.3.0. The advisory does not name the affected endpoint or parameter, so the most reliable check is the version: any Kiteworks instance reporting a version below 9.3.0 should be treated as affected. Dynamic detection involves testing the Secure Data Forms inputs for improper neutralization of user-controllable input, i.e. a value that is echoed back into the page without HTML encoding.

To detect this vulnerability on a system you are authorized to test, send crafted HTTP requests containing a distinctive probe string to the Secure Data Forms endpoints and check whether the probe comes back in the response body verbatim (unencoded) rather than as HTML entities such as &lt; and &gt;. A reflection observed with curl shows only that the input is not neutralized; whether it actually executes must be confirmed in a browser, because curl does not run JavaScript.

  • Use curl or similar tools to send a percent-encoded probe; the path and parameter name below are placeholders, not values from the advisory: curl -sk "https://your-kiteworks-url/path?input=%3Cscript%3Ealert(1)%3C/script%3E" | grep -c "<script>alert(1)</script>" (a non-zero count means the probe was reflected unencoded).
  • Use browser developer tools or proxy tools like Burp Suite to intercept and modify form requests, inject the probe into each field, and check whether it executes in the rendered page.
  • Employ automated scanners that detect reflected XSS vulnerabilities by crawling the web application and injecting test scripts, then manually verify any finding to rule out false positives from encoded reflections.

Upgrading Kiteworks to version 9.3.0 or later is the recommended remediation to eliminate this vulnerability.
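
The two checks described above, as an added example that is not part of this page or of Kiteworks' own code: a version comparison against the 9.3.0 fix line from the advisory, and a classifier that separates a raw (unencoded) reflection of a probe from an HTML-entity-encoded one. The host name, path, parameter name and the sample response bodies are constructed for illustration; the advisory does not identify the vulnerable parameter, so the reflection check is run here against made-up responses rather than a live host.

```python
"""Offline triage helpers for CVE-2026-24751 (added example, not Kiteworks code).

1. is_vulnerable_version: compares a reported Kiteworks version with the
   fixed release (9.3.0) named in the advisory.
2. classify_reflection: tells a raw echo of a probe (CWE-79 pattern) from an
   HTML-encoded echo (neutralized) or no echo at all.

Assumptions (not from the advisory): the endpoint path, parameter name and
the sample response bodies are constructed for this example.
"""
import html
import re
from urllib.parse import urlencode, urlunsplit

FIXED_VERSION = (9, 3, 0)  # advisory: fixed in 9.3.0 and later

# Probe chosen so that it cannot appear in normal page content by accident;
# it carries the characters an HTML-context XSS needs: < > " '
PROBE = '<xss1234>"\'></xss1234>'


def parse_version(text):
    """'9.2.5' -> (9, 2, 5). Tolerates build suffixes such as '9.2.5-123'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text):
    """True when the reported version is below the fixed release."""
    return parse_version(text) < FIXED_VERSION


def build_probe_url(host, path, param):
    """Builds the test URL with the probe percent-encoded so the raw
    characters reach the server intact instead of being altered by the
    client. host/path/param are placeholders supplied by the caller."""
    return urlunsplit(("https", host, path, urlencode({param: PROBE}), ""))


def classify_reflection(body):
    """Classifies how a response body echoes the probe:
    'raw'     - probe appears verbatim: input reaches the page unneutralized,
                which must then be confirmed in a browser (curl runs no JS)
    'encoded' - probe appears only as HTML entities: reflected but neutralized
    'absent'  - probe not reflected at all
    """
    if PROBE in body:
        return "raw"
    if html.escape(PROBE, quote=True) in body or html.escape(PROBE, quote=False) in body:
        return "encoded"
    return "absent"


# Constructed sample responses (not captured from a real Kiteworks host).
SAMPLE_RESPONSES = {
    "unpatched": "<p>Form field value: " + PROBE + "</p>",
    "patched": "<p>Form field value: " + html.escape(PROBE, quote=True) + "</p>",
    "no_echo": "<p>Thank you for your submission.</p>",
}


def run_demo():
    """Runs both checks over constructed data and returns the findings."""
    return {
        "version_9.2.5_affected": is_vulnerable_version("9.2.5"),
        "version_9.3.0_affected": is_vulnerable_version("9.3.0"),
        "probe_url": build_probe_url("kiteworks.example.com", "/forms/example", "q"),
        "reflections": {name: classify_reflection(body) for name, body in SAMPLE_RESPONSES.items()},
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Only a 'raw' classification is worth escalating, and even that is a reflection finding, not proof of execution: open the same URL in a browser against an authorized test instance to confirm the script runs before recording it as exploitable.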

Executive Summary

This vulnerability is a reflected Cross-Site Scripting (XSS) issue in Kiteworks Secure Data Forms prior to version 9.3.0. It allows an external attacker to trick a user into executing arbitrary JavaScript code by reflecting malicious input back to the user.

Impact Analysis

The vulnerability can impact you by enabling attackers to execute arbitrary JavaScript in the origin of the affected Kiteworks instance, in the browser of a user who opens an attacker-crafted link or submits a crafted form. Because the issue is reflected rather than stored, exploitation requires that user interaction. Successful exploitation can lead to theft of sensitive information, session hijacking, or other actions performed on behalf of the user with that user's privileges.

Mitigation Strategies

Upgrade Kiteworks to version 9.3.0 or later to receive a patch that fixes the reflected XSS vulnerability in Kiteworks Secure Data Forms.
