CVE-2026-12163 | Fortra File Integrity Monitoring (FIM), formerly Tripwire En… | CVSS 5.5 MEDIUM

Description

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields could store script content that may be rendered as HTML instead of safely escaped text when the affected Asset View UI content is displayed.

Metadata

CVE ID: CVE-2026-12163
State: PUBLISHED
Assigner: Fortra
Reserved: 2026-06-12 19:31 UTC
Published: 2026-06-23 22:06 UTC
Last updated: 2026-06-23 22:35 UTC
Primary CWE: CWE-79
CWE-79 Improper neutralization of input during web page gene…
Vendor / Product: Fortra / File Integrity Monitoring (FIM)
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Fortra	File Integrity Monitoring (FIM)	—	0 < 9.4.0.1

Weakness (CWE)

CWE	Source	Description
CWE-79	cna	CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

References (1)

https://www.fortra.com/security/advisories/product-security/fi-2026-009