Skip to main content

Fortra FIM EUVDEUVD-2026-38631

| CVE-2026-12163 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-23 Fortra GHSA-r6vh-m36j-r62m
4.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (Fortra) PRIMARY
MEDIUM
qualitative
NVD
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
4.8 MEDIUM

PR:H reflects required high-privilege access to config fields; UI:R corrects the vendor vector since a victim must actively view the Asset View page for stored payload execution.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Fortra).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Jun 28, 2026 - 00:22 NVD
5.5 (MEDIUM) 4.8 (MEDIUM)
Patch available
Jun 24, 2026 - 02:00 EUVD
Analysis Generated
Jun 23, 2026 - 22:46 vuln.today

DescriptionNVD

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.

AnalysisAI

Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to FIM as high-privilege user
Delivery
Navigate to node or database config field
Exploit
Store crafted XSS payload in Asset View UI
Execution
Victim user opens affected Asset View page
Persist
Browser renders payload as executable script
Impact
Exfiltrate victim session token or manipulate UI

Vulnerability AssessmentAI

Exploitation Exploitation of the stored XSS stage requires an authenticated Fortra FIM account with sufficient privileges to create or modify node or database configuration fields in the Asset View UI component - a high-privilege role as reflected by PR:H in the CVSS vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.5 (Medium) with vector AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N reflects a meaningful tension between access barrier and downstream impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An insider threat or attacker who has already compromised a high-privilege Fortra FIM account navigates to a node or database configuration field in the Asset View UI and saves a crafted JavaScript payload - for example, a cookie-stealing script - as the field value. When a lower-privileged analyst or auditor subsequently opens the affected Asset View page during routine operations, the stored script executes silently in their browser session, exfiltrating their authentication token to an attacker-controlled endpoint. …
Remediation The primary fix is to upgrade Fortra FIM to version 9.4.0.1 or later, as confirmed in the vendor advisory at https://www.fortra.com/security/advisories/product-security/fi-2026-009. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy