CVE-2023-26100

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 12.2.0

Description The issue arises from an application endpoint that failed to sanitize user-supplied input, allowing a threat actor to leverage a reflected XSS vulnerability. This vulnerability enables the execution of arbitrary code within the context of a Flowmon user's web browser.

Recommendations For versions prior to 12.2.0, update to version 12.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable application endpoint to minimize the risk of exploitation.