Progress Flowmon ADS CVE-2026-2513
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.
AnalysisAI
This vulnerability allows attackers to trick administrators into performing unintended actions within Flowmon ADS by clicking malicious links while logged in. It affects Progress Flowmon ADS versions before 12.5.5 and 13.0.3. An attacker could exploit an administrator's authenticated session to make unauthorized changes to the system without the administrator's knowledge or consent.
Technical ContextAI
This vulnerability (CWE-79: Cross-site Scripting (XSS)) affects A vulnerability exists in Progress Flowmon ADS. exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.
Affected ProductsAI
Product: A vulnerability exists in Progress Flowmon ADS. Versions: up to 12.5.5.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today