Fortra File Integrity Monitoring Fim
Monthly
Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. No public exploit code has been identified and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at time of analysis.
Stored cross-site scripting in Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0.1 allows a highly privileged authenticated user to inject persistent script content into node or database configuration fields within the Asset View UI component. When another user subsequently views the affected Asset View page, the stored payload executes in their browser context rather than being safely escaped, enabling session hijacking, credential theft, or unauthorized UI manipulation against that victim. No public exploit code has been identified and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at time of analysis.