Description
A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, executes arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims into visiting a page crafted by the attacker.
References (1)
Third Party Advisory, Technical Description
https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/
Scores
CVSS v3: 6.1
EPSS: 0.0018
EPSS Percentile: 8.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-79
Status: published
Products (2)
vertigis/fm: < 10.13.403
VertiGIS/VertiGIS FM: < 10.13.403
Published: Apr 01, 2026
Tracked Since: Apr 01, 2026