Cross‑Site Scripting (XSS) Vulnerability in VertiGIS FM Dashboard Search

Dear Customers,

A security vulnerability was identified in the dashboard search functionality of VertiGIS FM. Under specific conditions, a crafted search request could have led to the execution of malicious JavaScript in the context of an authenticated user session (reflected cross‑site scripting, XSS). Such vulnerabilities can potentially impact the confidentiality and integrity of user sessions.

What has been improved?

With Release Sprint 158, we have closed this security gap by implementing additional URL validation to prevent the execution of injected JavaScript. This improvement effectively protects your system against this type of attack.

What do you need to do?

• Update your system to Release Sprint 158 as soon as possible.

If you have any questions or require assistance with the update, please contact our VertiGIS FM support team.