{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3877", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-03-10T12:01:10.709Z", "datePublished": "2026-04-01T13:12:24.268Z", "dateUpdated": "2026-04-01T13:33:40.924Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-01T13:12:24.268Z"}, "title": "Reflected Cross-Site Scripting in Dashboard Search", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "VertiGIS", "product": "VertiGIS FM", "versions": [{"status": "affected", "version": "0", "lessThan": "10.13.403", "versionType": "semver"}], "defaultStatus": "unknown"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vertigis:vertigis_fm:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndExcluding": "10.13.403"}]}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div>A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.</div></div>"}]}], "references": [{"url": "https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/", "tags": ["third-party-advisory", "technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"lang": "en", "value": "Benjamin Faller, Redguard AG", "type": "finder"}, {"lang": "en", "value": "Andreas Pfefferle, Redguard AG", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:33:04.235341Z", "id": "CVE-2026-3877", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:33:40.924Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3877", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T13:33:04.235341Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:33:23.711Z"}}], "cna": {"title": "Reflected Cross-Site Scripting in Dashboard Search", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Benjamin Faller, Redguard AG"}, {"lang": "en", "type": "finder", "value": "Andreas Pfefferle, Redguard AG"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VertiGIS", "product": "VertiGIS FM", "versions": [{"status": "affected", "version": "0", "lessThan": "10.13.403", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/", "tags": ["third-party-advisory", "technical-description"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.", "supportingMedia": [{"type": "text/html", "value": "<div><div>A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker.</div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vertigis:vertigis_fm:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.13.403", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-01T13:12:24.268Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3877", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:33:40.924Z", "dateReserved": "2026-03-10T12:01:10.709Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2026-04-01T13:12:24.268Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vertigis:fm:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AC1A10E-F49A-425E-B953-232730505400", "versionEndExcluding": "10.13.403", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims to visit a page crafted by the attacker."}], "id": "CVE-2026-3877", "lastModified": "2026-04-02T19:36:47.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-04-01T14:16:58.130", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.13.403)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "VertiGIS FM", "source": "cna", "vendor": "VertiGIS"}, "product": "vertigis_fm", "vendor": "vertigis"}], "analysis": {"en": {"generated_at": "2026-04-02T23:01:26.162954+00:00", "value": {"mitigation_remediation": ["Obtain and install the latest VertiGIS FM patch or update that resolves the dashboard search XSS flaw.", "Verify that input to the dashboard search is properly sanitized and that user input is encoded before rendering.", "Monitor traffic for suspicious URLs or phishing attempts that could exploit the flaw."], "summary": {"action": "Patch Immediately", "impact": "Malicious script execution in authenticated user context"}, "threat_synthesis": {"affected_systems": "The issue affects the VertiGIS FM solution as distributed by VertiGIS. No specific version information is provided by the CNA; the vulnerability applies to any installation that includes the affected dashboard search functionality. The CPE strings identify the product as vertigis:fm and vertigis:vertigis_fm.", "description_and_impact": "The vulnerability is a reflected cross\u2011site scripting flaw in the dashboard search feature of VertiGIS FM. A maliciously crafted URL can contain arbitrary JavaScript that is executed in the browser when an authenticated user opens the link. This enables attackers to run scripts in the victim\u2019s browser session, potentially stealing session cookies, injecting malicious content, or performing unauthorized actions within the application.", "risk_and_exploitability": "The CVSS score of 7.3 indicates high severity. The EPSS score is below 1\u202f%, suggesting that widespread exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the flaw can be triggered by a simple link click, requiring only that the victim is authenticated and visits the crafted URL. This combination of low effort and high impact makes the risk moderate to high, especially within organizations where users routinely access internal dashboards."}}}}, "created": "2026-04-02T07:49:14.324643+00:00", "updated": "2026-04-03T09:19:07.221140+00:00", "vendors": ["vertigis", "vertigis$PRODUCT$vertigis_fm"]}