CVE-2026-4313
Stored XSS in AdaptiveGRC
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this may allow the attacker to obtain the administrator authentication token and perform arbitrary actions with administrative privileges, which could lead to further compromise. This issue occurs in versions released before December 2025.
| CWE | CWE-79 |
| Vendor | c&f |
| Product | adaptivegrc |
| Published | Apr 24, 2026 |
| Last Updated | Apr 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for c&f adaptivegrc
Be the first to know when new unknown vulnerabilities affecting c&f adaptivegrc are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
C&F / AdaptiveGRC
5.420.00 < 5.420.66 5.420.00 < 5.444.119 5.420.00 < 5.448.116 5.420.00 < 5.453.110 5.420.00 < 5.454.64 5.420.00 < 5.455.87 5.420.00 < 5.456.60 5.420.00 < 5.499.113
C&F / AdaptiveGRC
5.420.00 < 5.420.14 5.420.00 < 5.423.7 5.420.00 < 5.444.20 5.420.00 < 5.448.42 5.420.00 < 5.449.40 5.420.00 < 5.453.19 5.420.00 < 5.454.17 5.420.00 < 5.456.20
References
Credits
Antoni Kwietniewski (mBank)