AdaptiveGRC CVE-2026-4313

EUVD-2026-25414 LOW

Cross-site Scripting (XSS) (CWE-79)

2026-04-24 CERT-PL

GHSA-r3x8-5j74-9fg2

XSS

2.4

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Apr 24, 2026 - 14:00 vuln.today

Patch available

Apr 24, 2026 - 13:01 EUVD

CVSS changed

Apr 24, 2026 - 12:22 NVD

2.4 (LOW)

DescriptionNVD

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this may allow the attacker to obtain the administrator authentication token and perform arbitrary actions with administrative privileges, which could lead to further compromise.

This issue occurs in versions released before December 2025.

AnalysisAI

Stored XSS in AdaptiveGRC text-type form fields allows authenticated attackers to inject malicious JavaScript that executes in victims' browsers, potentially leading to theft of administrator authentication tokens and privilege escalation. The vulnerability affects multiple versions released before December 2025 due to improper server-side parameter validation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4313 vulnerability details – vuln.today

Back