CVE-2025-70365

Description

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages.

References

• http://kiamo.com
• https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70365-Kiamo.md