Unrated severityNVD Advisory· Published Jun 23, 2026· Updated Jun 23, 2026

Stored XSS in Fortra File Integrity Monitoring (FIM)

CVE-2026-12163

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.

Affected products

Fortra/File Integrity Monitoringllm-fuzzy
Range: <9.4.0.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.fortra.com/security/advisories/product-security/fi-2026-009mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000