Stored XSS in Fortra File Integrity Monitoring (FIM)

FI-2026-009 - Stored XSS in Fortra File Integrity Monitoring (FIM)

Severity
Medium
Published Date
23-Jun-2026
Updated Date
23-Jun-2026
Vulnerabilities
CVE-2026-12163
 
Notes
Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.

 

Vulnerabilities

 
Stored XSS in Fortra File Integrity Monitoring (FIM)
Severity
Medium
CVE
CVE-2026-12163
CWE
CWE-79: Improper neutralization of input during web page generation ('cross-site scripting')
Discovery Date
11-Jun-2026
CSSv3.1
5.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
Affected Products
Vulnerability Notes
Remediation: Vendor Fix

Upgrade to version 9.4.0.1 or later.

 
References