Skip to main content

In Progress Flowmon ADS CVE-2026-2514

Cross-site Scripting (XSS) (CWE-79)
2026-03-12 security@progress.com

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 13:16 nvd
N/A

DescriptionCVE.org

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being executed in the user's browser context.

Analysis

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being executed in the user's browser context.

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects In Progress Flowmon ADS. In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being executed in the user's browser context.

Affected ProductsAI

Product: In Progress Flowmon ADS. Versions: up to 12.5.5.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.

Share

CVE-2026-2514 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy