CVE-2026-3877

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

EUVD-2026-17883

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

CVE-2026-3877

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

CVE-2026-3877

The CVE-2026-3877 issue affects the VertiGIS FM dashboard search. It is a reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality that can be triggered when an authenticated user visits a crafted URL, leading to arbitrary JavaScript execution in the user’s browser...

CVE-2026-3877 Reflected Cross-Site Scripting in Dashboard Search

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

CVE-2026-0522 Local File Inclusion in the File Upload/Download Process

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

CVE-2026-0522

The CVE-2026-0522 issue affects VertiGIS FM (v10.5.00119) in the upload/download flow. A Local File Inclusion vulnerability allows an authenticated attacker to read arbitrary server files by manipulating the file path during upload; the downloaded file from the attacker-controlled path is then re...

PT-2026-29515

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

PT-2026-29518

A reflected cross-site scripting XSS vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered...

VertiGIS FM 安全漏洞

VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. There is a security vulnerability in VertiGIS FM, which stems from a reflection-type cross-site scripting vulnerability in the dashboard search function. This vulnerability could allow attackers to create malicious...

VertiGIS FM 安全漏洞

VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. Version 10.5.00119 of VertiGIS FM contains a security vulnerability. This vulnerability stems from the inclusion of local files during the upload/download process. It could allow authenticated attackers to read any...

CVE-2021-27374

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."...

EUVD-2021-14132

Malware in sbrugna...

CVE-2021-27374

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."...

Code injection

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."...

CVE-2021-27374

Summary: CVE-2021-27374 affects VertiGIS WebOffice. Both 10.7 SP1 prior to patch20210202 and 10.8 SP1 prior to patch20210207 are vulnerable. The issue reportedly permits attackers to access contents of the WebOffice application, indicating a disclosure of confidential data or restricted content v...

CVE-2021-27374

VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve "Zugriff auf Inhalte der WebOffice Applikation."...

das Klimabündnis VertiGIS WebOffice Access Control Error Vulnerability

das Klimabündnis VertiGIS WebOffice is an application from das Klimabündnis, Germany. It provides for the creation of maps and plans that can be accessed online. An Access Control Error vulnerability exists in VertiGIS WebOffice that allows an attacker to access the contents of the WebOffice...