Skip to main content

Progress Flowmon ADS CVE-2026-2513

Cross-site Scripting (XSS) (CWE-79)
2026-03-12 security@progress.com

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 13:16 nvd
N/A

DescriptionCVE.org

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

AnalysisAI

This vulnerability allows attackers to trick administrators into performing unintended actions within Flowmon ADS by clicking malicious links while logged in. It affects Progress Flowmon ADS versions before 12.5.5 and 13.0.3. An attacker could exploit an administrator's authenticated session to make unauthorized changes to the system without the administrator's knowledge or consent.

Technical ContextAI

This vulnerability (CWE-79: Cross-site Scripting (XSS)) affects A vulnerability exists in Progress Flowmon ADS. exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

Affected ProductsAI

Product: A vulnerability exists in Progress Flowmon ADS. Versions: up to 12.5.5.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.

Share

CVE-2026-2513 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy