PT-2026-34874 · Unknown · Adaptivegrc

Antoni Kwietniewski · Published 2026-04-24 · Updated 2026-04-25 · CVE-2026-4313

CVSS v4.0: 2.4 (Low)

Vector: AV:A/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

AdaptiveGRC versions prior to December 2025

Description

Stored Cross-Site Scripting (XSS) occurs via text type fields across forms. An authenticated attacker can modify the value of a text field in an HTTP POST request. Due to improper parameter validation by the server, arbitrary JavaScript can be executed in the victim's browser. This may allow an attacker to obtain the administrator authentication token and perform actions with administrative privileges, potentially leading to further compromise.

Recommendations

Update to a version released in December 2025 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-4313

Affected Products

Adaptivegrc