Skip to main content

Vertigis Fm

2 CVEs product

Monthly

CVE-2026-3877 HIGH PATCH This Week

Reflected cross-site scripting in VertiGIS FM dashboard search functionality allows authenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs. The vulnerability affects VertiGIS FM across versions and requires user interaction (victim clicking a crafted link), but provides no authentication bypass-victims must already be logged into the application. CVSS score is not available; exploitation requires victim interaction and authentication context.

XSS Vertigis Fm
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-0522 HIGH PATCH This Week

Local file inclusion in VertiGIS FM's upload/download mechanism allows authenticated attackers to read arbitrary server files by manipulating file paths during upload, with potential for remote code execution if web.config is obtained and NTLM-relay attacks via UNC path resolution. VertiGIS FM version 10.5.00119 and earlier are affected, and the vulnerability requires valid application credentials to exploit.

RCE Vertigis Fm
NVD VulDB
CVSS 4.0
7.4
EPSS
0.4%
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Reflected cross-site scripting in VertiGIS FM dashboard search functionality allows authenticated attackers to execute arbitrary JavaScript in victim browsers through malicious URLs. The vulnerability affects VertiGIS FM across versions and requires user interaction (victim clicking a crafted link), but provides no authentication bypass-victims must already be logged into the application. CVSS score is not available; exploitation requires victim interaction and authentication context.

XSS Vertigis Fm
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Local file inclusion in VertiGIS FM's upload/download mechanism allows authenticated attackers to read arbitrary server files by manipulating file paths during upload, with potential for remote code execution if web.config is obtained and NTLM-relay attacks via UNC path resolution. VertiGIS FM version 10.5.00119 and earlier are affected, and the vulnerability requires valid application credentials to exploit.

RCE Vertigis Fm
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy