Skip to main content

Adaptivegrc

1 CVEs product

Monthly

CVE-2026-4313 LOW PATCH Monitor

Stored XSS in AdaptiveGRC text-type form fields allows authenticated attackers to inject malicious JavaScript that executes in victims' browsers, potentially leading to theft of administrator authentication tokens and privilege escalation. The vulnerability affects multiple versions released before December 2025 due to improper server-side parameter validation. User interaction is required for exploitation, and the attacker must first authenticate to the application.

XSS Adaptivegrc
NVD VulDB
CVSS 4.0
2.4
EPSS
0.1%
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Stored XSS in AdaptiveGRC text-type form fields allows authenticated attackers to inject malicious JavaScript that executes in victims' browsers, potentially leading to theft of administrator authentication tokens and privilege escalation. The vulnerability affects multiple versions released before December 2025 due to improper server-side parameter validation. User interaction is required for exploitation, and the attacker must first authenticate to the application.

XSS Adaptivegrc
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy