{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/kiteworks-secure-data-forms/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Kiteworks Secure Data Forms"],"_cs_severities":["medium"],"_cs_tags":["xss","web-application","kiteworks"],"_cs_type":"advisory","_cs_vendors":["Kiteworks"],"content_html":"\u003cp\u003eKiteworks is a private data network (PDN) platform, and versions of Kiteworks Secure Data Forms prior to 9.2.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-24750). This vulnerability allows an authenticated attacker to inject malicious scripts into data forms. When other users view or interact with the modified form, the injected script executes in their browser. This could lead to session hijacking, sensitive data theft, or other malicious activities. Organizations using vulnerable versions of Kiteworks are at risk of unauthorized access and data breaches. The vulnerability arises from a failure to properly sanitize user-supplied input during web page generation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Kiteworks Secure Data Forms application.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a form that allows modification.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a malicious JavaScript payload into a form field. This payload is crafted to be stored in the application's database.\u003c/li\u003e\n\u003cli\u003eThe application saves the form with the malicious payload into its database.\u003c/li\u003e\n\u003cli\u003eA different user, or an administrator, accesses the modified form through the Kiteworks web interface.\u003c/li\u003e\n\u003cli\u003eThe web application retrieves the form data, including the malicious JavaScript payload, from the database.\u003c/li\u003e\n\u003cli\u003eThe application renders the form in the user's browser without properly sanitizing the data.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript code executes in the user's browser, potentially stealing cookies, redirecting the user to a phishing site, or performing other unauthorized actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24750 can lead to several adverse outcomes. An attacker could potentially gain access to sensitive data stored within the Kiteworks platform, compromise user accounts, and perform actions on behalf of other users. The impact ranges from data theft to complete compromise of the Kiteworks installation. Organizations in any sector using vulnerable Kiteworks installations may be affected. This vulnerability allows attackers to move laterally within the application and potentially escalate privileges.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Kiteworks to version 9.2.1 or later to patch CVE-2026-24750.\u003c/li\u003e\n\u003cli\u003eImplement and deploy the Sigma rule \u003ccode\u003eDetect Suspicious Kiteworks Form Modification\u003c/code\u003e to detect potential XSS injection attempts in HTTP requests to the Kiteworks server.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual patterns in requests to form modification endpoints, specifically looking for \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e tags or JavaScript event handlers, to identify potential exploitation attempts (webserver log source).\u003c/li\u003e\n\u003cli\u003eReview and audit existing Kiteworks Secure Data Forms for any unexpected or suspicious content that may indicate prior exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-kiteworks-xss/","summary":"An authenticated attacker can exploit a stored XSS vulnerability (CVE-2026-24750) in Kiteworks Secure Data Forms before version 9.2.1 due to improper neutralization of input, leading to arbitrary script execution in the context of other users.","title":"Kiteworks Secure Data Forms Stored XSS Vulnerability (CVE-2026-24750)","url":"https://feed.craftedsignal.io/briefs/2024-01-kiteworks-xss/"}],"language":"en","title":"CraftedSignal Threat Feed - Kiteworks Secure Data Forms","version":"https://jsonfeed.org/version/1.1"}