XSS in Vertigis Fm

CVE-2026-3877

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

Affected products

Vertigis Fm — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/ (third-party-advisory, technical-description)