CVE-2025-70365

MEDIUM

5.4

Descripcion

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages.

Detalles CVE

Puntuacion CVSS v3.15.4

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado4/9/2026

Ultima modificacion4/10/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-79

Referencias

http://kiamo.com(cve@mitre.org)

https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70365-Kiamo.md(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.