Kiteworks Secure Data Forms Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.2.1. This issue allows authenticated attackers to exploit improper input neutralization during web page generation by modifying form labels of certain input types.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Remediation
Users are advised to upgrade Kiteworks to version 9.2.1 or later.
Added: Mar 25, 2026, 5:19 PM
Updated: Mar 25, 2026, 5:19 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
1.7exploitability
5.0remediation
0.0relevance
4.7threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.