XSS in C&f Adaptivegrc

CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaSc…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.

Affected products

C&f Adaptivegrc — versions 5.420.00

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cert.pl/posts/2026/04/CVE-2026-4313 (third-party-advisory)
adaptivegrc.com/pl/wszystkie-procesy-grc-w-jednym-narzedziu/ (product)