Skip to main content

Fortra File Integrity Monitoring Fim

1 CVEs product

Monthly

CVE-2026-12163 MEDIUM PATCH This Month

Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. No public exploit code has been identified and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at time of analysis.

XSS Fortra File Integrity Monitoring Fim
NVD VulDB
CVSS 3.1
4.8
EPSS
0.2%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. No public exploit code has been identified and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at time of analysis.

XSS Fortra File Integrity Monitoring Fim
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy