CVE-2026-4313
Severity: Low (CVSS 4.0 base score 2.4) · EPSS: 43.8%
Published: Apr 24, 2026 · Last Modified: Jun 17, 2026
Description
AdaptiveGRC is vulnerable to stored cross-site scripting (XSS) via text-type fields across its forms. An authenticated attacker can replace the value of a text field in the HTTP POST request that submits the form; because the server does not properly validate the parameter, the injected markup is stored and later rendered unencoded, executing as arbitrary JavaScript in the browser of any user who views it. Critically, this may allow the attacker to obtain the administrator's authentication token and perform arbitrary actions with administrative privileges, which could lead to further compromise. This issue affects versions released before December 2025.
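The flaw class described above, as an added illustrative example (this is not AdaptiveGRC's code, which the page does not show): a text field taken from a form POST is stored and later rendered into another user's page. `render_unsafe` reproduces the bug (stored text concatenated straight into HTML); `render_safe` applies the fix (contextual HTML escaping of every stored value). The form, field names, record store and payload are all constructed for the example; `is_reflected_unescaped` is the kind of check a tester would run to confirm whether a submitted value survives into the page unencoded.

```python
"""
Added example, not AdaptiveGRC's code: a minimal model of stored XSS through a
text-type form field, plus the hardened rendering. All names and data below
are constructed for illustration.
"""
from html import escape
from urllib.parse import parse_qs

# In-memory stand-in for the application's database (constructed).
RECORDS: dict[int, dict[str, str]] = {}

# Constructed POST body as an authenticated low-privilege user could send it:
# the "name" text field has been swapped for a script-bearing payload.
POST_BODY = (
    "id=7"
    "&name=%3Cimg+src%3Dx+onerror%3Dalert(document.cookie)%3E"
    "&owner=alice"
)

# The decoded form of the injected value, used by the reflection check.
PAYLOAD = "<img src=x onerror=alert(document.cookie)>"


def handle_post(body: str) -> dict[str, str]:
    """Parse an application/x-www-form-urlencoded body and store the record.

    Like the vulnerable behaviour described, the server accepts any text for
    the field without validation; the bug is that it is later rendered raw.
    """
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    record_id = int(fields.pop("id"))
    RECORDS[record_id] = fields
    return fields


def render_unsafe(record_id: int) -> str:
    """Vulnerable rendering: stored values concatenated straight into HTML.

    A victim (for example an administrator) opening this row has the
    attacker's markup parsed and executed by their browser.
    """
    r = RECORDS[record_id]
    return f"<tr><td>{r['name']}</td><td>{r['owner']}</td></tr>"


def render_safe(record_id: int) -> str:
    """Hardened rendering: every stored value is HTML-escaped for the text
    context it lands in. quote=True also neutralises attribute breakouts."""
    r = RECORDS[record_id]
    name = escape(r["name"], quote=True)
    owner = escape(r["owner"], quote=True)
    return f"<tr><td>{name}</td><td>{owner}</td></tr>"


def is_reflected_unescaped(payload: str, html_out: str) -> bool:
    """Tester's check: does the raw payload appear verbatim in the page?

    A verbatim match means the browser will parse it as markup; an escaped
    copy (&lt;img ...&gt;) is rendered as inert text.
    """
    return payload in html_out


def demo() -> dict[str, object]:
    """Store the constructed POST, then render it both ways."""
    handle_post(POST_BODY)
    unsafe = render_unsafe(7)
    safe = render_safe(7)
    return {
        "unsafe_html": unsafe,
        "safe_html": safe,
        "unsafe_executes": is_reflected_unescaped(PAYLOAD, unsafe),
        "safe_executes": is_reflected_unescaped(PAYLOAD, safe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Output encoding at render time is the control that actually closes stored XSS; rejecting angle brackets on input is a useful secondary layer but is easy to bypass in other contexts (attributes, JavaScript strings, URLs). The token-theft consequence named in the description is also why session tokens belong in HttpOnly cookies rather than JavaScript-readable storage: that does not stop a script from acting on the victim's behalf, but it does stop the token itself from being exfiltrated.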
CVSS Details
Base Score: 2.4 (CVSS 4.0, Low)
Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Adjacent (AV:A)
Attack Complexity: Low (AC:L)
Attack Requirements: None (AT:N)
Privileges Required: Low (PR:L)
User Interaction: Passive (UI:P)
Vulnerable System Impact: Confidentiality None, Integrity Low, Availability None (VC:N/VI:L/VA:N)
Subsequent System Impact: Confidentiality Low, Integrity Low, Availability None (SC:L/SI:L/SA:N)
Threat, Environmental and Supplemental metrics: not defined (X)
Note that the vector rates the vulnerable system's confidentiality impact as None and the attack vector as Adjacent, while the description states that an administrator's authentication token can be obtained through the injected script. Treat the 2.4 base score as the scorer's assessment of the published vector, not as a measure of what a successful token theft would permit.
Threat Intelligence
EPSS: 43.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available (tracker status; the description states that the issue affects versions released before December 2025, which indicates that releases from December 2025 onward are not affected)
Weaknesses 1
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References 2
- adaptivegrc.com https://adaptivegrc.com/pl/wszystkie-procesy-grc-w-jednym-narzedziu/
- cert.pl https://cert.pl/posts/2026/04/CVE-2026-4313
Remediation
No remediation data recorded by the tracker. The description states that the issue occurs in versions released before December 2025, so upgrading to a release from December 2025 or later is the indicated fix; confirm the exact fixed version against the cert.pl advisory and the NVD entry. Until the upgrade is applied, reduce the value of a successful injection by keeping session tokens in HttpOnly cookies rather than JavaScript-readable storage, and by limiting which lower-privilege accounts can edit forms that administrators review.