CVE-2025-70365: n/a
A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.
AI Analysis
Technical Summary
This vulnerability involves stored XSS due to improper output encoding in Kiamo administrative interfaces before version 8.4. Authenticated administrators can inject malicious JavaScript that executes in other users' browsers when they access the affected pages. The vendor indicates that the issue was addressed in version 8.3.1, which predates the CVE publication. No official remediation level or patch link is provided in the CVE data, but the vendor's statement implies an official fix exists in 8.3.1.
Potential Impact
Successful exploitation allows an authenticated administrative user to execute arbitrary JavaScript in the browsers of users viewing the affected pages, potentially leading to session hijacking, unauthorized actions, or data exposure within the context of the affected application. The impact is limited to confidentiality and integrity with no availability impact noted. The medium CVSS score reflects these factors.
Mitigation Recommendations
The vendor has stated that a fix was released in version 8.3.1 before the CVE was published. Users should upgrade to version 8.3.1 or later to mitigate this vulnerability. Since the vendor advisory is the authoritative source and indicates a fix exists, applying the official patch is the recommended remediation. No additional mitigation steps are specified.
CVE-2025-70365: n/a
Description
A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. NOTE: the Supplier's position is that a fix for this had already been released for the 8.3.1 branch before the CVE Record was published.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves stored XSS due to improper output encoding in Kiamo administrative interfaces before version 8.4. Authenticated administrators can inject malicious JavaScript that executes in other users' browsers when they access the affected pages. The vendor indicates that the issue was addressed in version 8.3.1, which predates the CVE publication. No official remediation level or patch link is provided in the CVE data, but the vendor's statement implies an official fix exists in 8.3.1.
Potential Impact
Successful exploitation allows an authenticated administrative user to execute arbitrary JavaScript in the browsers of users viewing the affected pages, potentially leading to session hijacking, unauthorized actions, or data exposure within the context of the affected application. The impact is limited to confidentiality and integrity with no availability impact noted. The medium CVSS score reflects these factors.
Mitigation Recommendations
The vendor has stated that a fix was released in version 8.3.1 before the CVE was published. Users should upgrade to version 8.3.1 or later to mitigate this vulnerability. Since the vendor advisory is the authoritative source and indicates a fix exists, applying the official patch is the recommended remediation. No additional mitigation steps are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d7ce5e1cc7ad14dae8f90e
Added to database: 4/9/2026, 4:05:50 PM
Last enriched: 4/24/2026, 3:48:59 PM
Last updated: 5/24/2026, 7:33:28 PM
Views: 49
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.