PatchSiren

Kiamo CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Kiamo CVE published 2026-04-09

CVE-2025-70365

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. This stored XSS vulnerability has a CVSS score of 5.4, indicating Medium severity. Users of Kiamo befor [truncated]