AdaptiveGRC Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in AdaptiveGRC, affecting versions released prior to December 2025. This issue allows authenticated attackers to inject arbitrary JavaScript into text fields across various forms. The vulnerability arises from inadequate server-side validation of input parameters, enabling the execution of malicious scripts in the context of the victim's browser. Notably, this could facilitate the theft of the administrator's authentication token, allowing the attacker to perform actions with administrative rights, potentially leading to further system compromise.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user, potentially leading to theft of authentication tokens and unauthorized administrative actions.
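The flaw class described above, shown as an added example that is not AdaptiveGRC code or taken from its vendor: a stored text field written into a page without encoding, beside the same render with output encoding and a server-side write-time check. The `description` field, the function names and the sample payload are assumptions constructed for the illustration.

```javascript
// Added example with hypothetical names; not AdaptiveGRC code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side check at write time: type, length and control characters.
// Free text may legitimately contain "<" or "&", so markup is not stripped
// here; this bounds what is stored and output encoding neutralises it.
function validateTextField(value, maxLen = 2000) {
  if (typeof value !== 'string') throw new TypeError('text field must be a string');
  const text = value.normalize('NFC').trim();
  if (text.length === 0 || text.length > maxLen) {
    throw new RangeError('text field length out of bounds');
  }
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(text)) {
    throw new RangeError('control characters are not allowed');
  }
  return text;
}

// Weak pattern: the stored value is concatenated into the page as markup.
function renderUnsafe(record) {
  return `<td class="description">${record.description}</td>`;
}

// Hardened pattern: same template, value encoded at the point of output.
function renderSafe(record) {
  return `<td class="description">${escapeHtml(record.description)}</td>`;
}

// Constructed sample input: a benign marker string a tester would submit.
const submitted = '<script>alert("stored-xss-test")</script>';
const record = { description: validateTextField(submitted) };

console.log(renderUnsafe(record)); // value reaches the page as a live element
console.log(renderSafe(record));   // same text, displayed as inert characters
```

Values stored before a fix is deployed stay in the database, so encoding at render time is what protects users who later view old records.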
