A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.
References
Configurations
No configuration.
History
05 Jul 2026, 02:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
22 Apr 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published. |
10 Apr 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| CWE | CWE-79 |
09 Apr 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 16:16
Updated : 2026-07-05 02:17
NVD link : CVE-2025-70365
Mitre link : CVE-2025-70365
CVE.ORG link : CVE-2025-70365
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
