Reflected Cross-Site Scripting in Dashboard Search

Description

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.

Affected Products

Vendor	Product	Versions
vertigis	vertigis fm	0

References

https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/(third-party-advisory, technical-description)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-3877 | VertiGIS FM up to 10.13.402 cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

10.13.402

CWECWE-79

PublishedApr 1, 2026

Last enriched2h agov2

Trending Score33

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to HIGH, corrected patch version to 10.13.402, and noted that no exploit exists.

severitypatchAvailable

via VulDB

v13h ago

Initial creation