—

CVE-2026-3877EXPLOITED

vertigis · fm

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated vi

Description

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.

Affected Products

Vendor	Product	Versions
vertigis	fm	up to 10.13.402

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
vertigis	fm	cert_advisory	90%

References

https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/

Related News (2 articles)

Tier B

BSI Advisories22h ago

[NEU] [hoch] VertiGIS FM: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-3877 | VertiGIS FM up to 10.13.402 cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 1, 2026

Last enriched21h agov3

Trending Score52

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 21h ago

v3Tier B21h ago

Updated severity to HIGH and marked the vulnerability as actively exploited with an exploit available.

severityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C1d ago

Added vendor and product information, updated affected versions to 'up to 10.13.402', and changed severity to HIGH.

vendorproductaffectedVersions

via VulDB

v11d ago

Initial creation