Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface. Version 9.2.0 contains a patch for the issue.
References
| Link | Resource |
|---|---|
| https://github.com/kiteworks/security-advisories/security/advisories/GHSA-7hxj-ch78-xqgr | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2026-02-27 21:16
Updated : 2026-03-04 19:48
NVD link : CVE-2026-28272
Mitre link : CVE-2026-28272
CVE.ORG link : CVE-2026-28272
JSON object : View
Products Affected
accellion
- kiteworks
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')