Severity by source
AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Adjacent vector reflects internal NAC deployment; low privileges required to inject stored content; scope change inherent to XSS executing in victim browser context.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS.
This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stored cross-site scripting in Limatek System Inc.'s LimRAD NAC through version 08072026 allows an adjacent-network, low-privileged attacker to inject persistent malicious scripts that execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms that injected script execution crosses into the victim's browser security context, enabling potential session hijacking or credential theft targeting higher-privileged users such as administrators. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: first, the attacker must be on the same adjacent network segment or VLAN as the LimRAD NAC management interface (AV:A), ruling out direct internet-based exploitation; second, the attacker must possess at least low-level authenticated access to the NAC system (PR:L), meaning unauthenticated exploitation is not supported by the available CVSS data; third, a victim user must actively load the web page containing the injected payload (UI:R), preventing fully automated or non-interactive exploitation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.8 (Medium) accurately captures a constrained but real attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege credentials on the same internal network segment as the LimRAD NAC management interface submits a crafted payload into a stored input field - such as a device label, comment, or profile attribute - causing the script to persist in the application database. When a network administrator subsequently loads the affected management page, the stored script executes silently in their browser, potentially exfiltrating the admin's session token to an attacker-controlled endpoint or performing privileged actions within the NAC management console. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor did not respond to TR-CERT's disclosure, leaving no official fix or upgrade path available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Limrad Nac
View allSame weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42222
GHSA-8hxc-h3cp-54g8