CVE-2026-2737

Analysis

Cross-site scripting (XSS) in Progress Flowmon prior to versions 12.5.8 and 13.0.6 allows attackers to execute arbitrary actions within an administrator's authenticated session by tricking them into clicking a malicious link. The vulnerability exploits insufficient input validation or output encoding, enabling attackers to inject and execute malicious scripts in the context of a trusted user's browser session.

Sign in for full analysis, threat intelligence, and remediation guidance.