Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
6 vulnerabilities found for Secure Data Forms by kiteworks
CVE-2026-23636 (GCVE-0-2026-23636)
Vulnerability from nvd – Published: 2026-03-25 16:58 – Updated: 2026-03-27 14:56
VLAI?
Title
Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
5.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:56:42.752629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:56:49.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:58:36.194Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm"
}
],
"source": {
"advisory": "GHSA-cfv8-p3hq-8wmm",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23636",
"datePublished": "2026-03-25T16:58:36.194Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-03-27T14:56:49.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23635 (GCVE-0-2026-23635)
Vulnerability from nvd – Published: 2026-03-25 16:57 – Updated: 2026-03-25 18:06
VLAI?
Title
Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
6.5 (Medium)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:51:55.311509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:06:51.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523: Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:58:09.786Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-9hw2-6qp4-3v8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-9hw2-6qp4-3v8f"
}
],
"source": {
"advisory": "GHSA-9hw2-6qp4-3v8f",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23635",
"datePublished": "2026-03-25T16:57:19.199Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-03-25T18:06:51.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24750 (GCVE-0-2026-24750)
Vulnerability from nvd – Published: 2026-03-25 15:22 – Updated: 2026-03-26 19:52
VLAI?
Title
Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T19:34:33.947653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:52:12.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T15:22:16.694Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g"
}
],
"source": {
"advisory": "GHSA-rfwm-2hq6-h84g",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms vulnerable to Cross-site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24750",
"datePublished": "2026-03-25T15:22:16.694Z",
"dateReserved": "2026-01-26T19:06:16.060Z",
"dateUpdated": "2026-03-26T19:52:12.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23636 (GCVE-0-2026-23636)
Vulnerability from cvelistv5 – Published: 2026-03-25 16:58 – Updated: 2026-03-27 14:56
VLAI?
Title
Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
5.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:56:42.752629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:56:49.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:58:36.194Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-cfv8-p3hq-8wmm"
}
],
"source": {
"advisory": "GHSA-cfv8-p3hq-8wmm",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23636",
"datePublished": "2026-03-25T16:58:36.194Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-03-27T14:56:49.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23635 (GCVE-0-2026-23635)
Vulnerability from cvelistv5 – Published: 2026-03-25 16:57 – Updated: 2026-03-25 18:06
VLAI?
Title
Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
6.5 (Medium)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:51:55.311509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:06:51.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523: Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:58:09.786Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-9hw2-6qp4-3v8f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-9hw2-6qp4-3v8f"
}
],
"source": {
"advisory": "GHSA-9hw2-6qp4-3v8f",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23635",
"datePublished": "2026-03-25T16:57:19.199Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-03-25T18:06:51.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24750 (GCVE-0-2026-24750)
Vulnerability from cvelistv5 – Published: 2026-03-25 15:22 – Updated: 2026-03-26 19:52
VLAI?
Title
Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
Summary
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T19:34:33.947653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:52:12.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T15:22:16.694Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-rfwm-2hq6-h84g"
}
],
"source": {
"advisory": "GHSA-rfwm-2hq6-h84g",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms vulnerable to Cross-site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24750",
"datePublished": "2026-03-25T15:22:16.694Z",
"dateReserved": "2026-01-26T19:06:16.060Z",
"dateUpdated": "2026-03-26T19:52:12.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}