PT-2026-27933 · Iqonic Design · Kivicare

CVE-2026-25383

·

Published

2026-03-25

·

Updated

2026-03-30

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Iqonic Design KiviCare versions through 3.6.16
Description The software contains a flaw due to improper input neutralization during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is the web page generation process. The vulnerable parameter is not specified.
Recommendations Update to a version later than 3.6.16.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-25383

Affected Products

Kivicare