CVE-2026-28272 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 2, 2026
Kiteworks - Stored XSS
Overview
Kiteworks < 9.2.0 contains a stored XSS caused by malicious script injection via a configuration interface, letting authenticated administrators execute scripts when users interact with the interface, exploit requires admin authentication.
Severity & Score
Impact
Authenticated administrators can execute malicious scripts, potentially compromising user sessions or data.
Mitigation
Update to version 9.2.0 or later.
Social Media Activity(1 post)
š CVE-2026-28272 - High (8.1) Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes ... š https://www.thehackerwire.com/vulnerability/CVE-2026-28272/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-28272
- Severity
- High
- CVSS Score
- 8.1
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 3.0%
- Social Posts
- 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N