CVE-2025-70365

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.

Configurations

No configuration.

History

05 Jul 2026, 02:17

Type Values Removed Values Added
References
  • {'url': 'http://kiamo.com', 'source': 'cve@mitre.org'}

22 Apr 2026, 16:16

Type Values Removed Values Added
Summary
  Removed: (en) A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages.
  Added: (en) A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.

10 Apr 2026, 18:16

Type Values Removed Values Added
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 5.4
CWE CWE-79

09 Apr 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-09 16:16

Updated : 2026-07-05 02:17


NVD link : CVE-2025-70365

Mitre link : CVE-2025-70365

CVE.ORG link : CVE-2025-70365


Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')