LeakyCreds

CVE-2026-3877 - Vulnerability Analysis

Medium | CVSS: 6.1

Last Updated: April 2, 2026

VertiGIS FM solution - Reflected XSS

Published: April 1, 2026 | Updated: April 2, 2026 | PoC Available | Remote Exploitable

Overview

VertiGIS FM solution contains a reflected XSS vulnerability caused by improper sanitization in the dashboard search functionality. It lets attackers execute arbitrary JavaScript in an authenticated user's context via crafted URLs. Exploitation requires user interaction.

Severity & Score

Severity: Medium
CVSS Score: 6.1

Impact

Attackers can execute arbitrary JavaScript in authenticated users' browsers, potentially stealing session data or performing actions on their behalf.

Mitigation

Update to the latest version with the XSS fix applied.

Details

CVE ID: CVE-2026-3877
Severity: Medium
CVSS Score: 6.1
Type: reflected_xss
Status: confirmed

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N