Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
PR:H reflects required high-privilege access to config fields; UI:R corrects the vendor vector since a victim must actively view the Asset View page for stored payload execution.
Primary rating from Vendor (Fortra).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionNVD
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.
AnalysisAI
Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation of the stored XSS stage requires an authenticated Fortra FIM account with sufficient privileges to create or modify node or database configuration fields in the Asset View UI component - a high-privilege role as reflected by PR:H in the CVSS vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 5.5 (Medium) with vector AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N reflects a meaningful tension between access barrier and downstream impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An insider threat or attacker who has already compromised a high-privilege Fortra FIM account navigates to a node or database configuration field in the Asset View UI and saves a crafted JavaScript payload - for example, a cookie-stealing script - as the field value. When a lower-privileged analyst or auditor subsequently opens the affected Asset View page during routine operations, the stored script executes silently in their browser session, exfiltrating their authentication token to an attacker-controlled endpoint. … |
| Remediation | The primary fix is to upgrade Fortra FIM to version 9.4.0.1 or later, as confirmed in the vendor advisory at https://www.fortra.com/security/advisories/product-security/fi-2026-009. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38631
GHSA-r6vh-m36j-r62m