216.73.216.133

CVE-2026-3877

· Published 01/04/2026 14:16 · Modified 02/04/2026 19:36

Labels: CVE-2026-3877 2026-04-01CVE-2026-3877CWE-79[email protected]

Essential information

Published
01/04/2026 14:16
Modified
02/04/2026 19:36
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vertigis / fm cpe:2.3:a:vertigis:fm:*:*:*:*:*:*:*:*

References