VYPR

Fm

by Vertigis

CVEs (2)

  • CVE-2026-0522HigApr 1, 2026
    risk 0.57cvss 8.8epss 0.01

    A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the…

  • CVE-2026-3877MedApr 1, 2026
    risk 0.40cvss 6.1epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL…