Kiteworks · Kiteworks · CVE-2026-24751
**Name of the Vulnerable Software and Affected Versions**
Kiteworks versions prior to 9.3.0
**Description**
A reflected Cross-Site Scripting (XSS) issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where malicious scripts are injected into otherwise trusted websites.
**Recommendations**
Update to version 9.3.0 or later.