EUVD-2026-17883

CVE-2026-3877 HIGH
2026-04-01 NCSC.ch GHSA-mc25-w9g7-hq9v
CVSS 4.0 score: 7.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: A
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 13:30 (vuln.today)
EUVD ID Assigned: Apr 01, 2026 - 13:30 (euvd), EUVD-2026-17883
CVE Published: Apr 01, 2026 - 13:12 (nvd), HIGH 7.3

Description

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims into visiting a page crafted by the attacker.

Analysis

Reflected cross-site scripting in VertiGIS FM dashboard search functionality allows authenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs. The vulnerability affects VertiGIS FM across versions and requires user interaction (the victim clicking a crafted link), but provides no authentication bypass: victims must already be logged into the application. …


Priority Score

37
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
