Antoni Kwietniewski

**Name of the Vulnerable Software and Affected Versions** AdaptiveGRC versions prior to December 2025 **Description** Stored Cross-Site Scripting (XSS) occurs via text type fields across forms. An authenticated attacker can modify the value of a text field in an HTTP POST request. Due to improper parameter validation by the server, arbitrary JavaScript can be executed in the victim's browser. This may allow an attacker to obtain the administrator authentication token and perform actions with administrative privileges, potentially leading to further compromise. **Recommendations** Update to a version released in December 2025 or later.

**Name of the Vulnerable Software and Affected Versions** ProIntegra Uptime DC software versions prior to 2.0.0.33940 **Description** The issue is related to improper authorization in ProIntegra Uptime DC software, allowing regular users to change passwords of all other users, including administrators, leading to a privilege escalation. **Recommendations** For versions prior to 2.0.0.33940, update to version 2.0.0.33940 or later to resolve the issue. As a temporary workaround, consider restricting access to user password management features to minimize the risk of exploitation.