PT-2026-24948 · Progress · Flowmon Ads
Published
2026-03-12
·
Updated
2026-03-13
·
CVE-2026-2513
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3
Description
A security issue exists in Progress Flowmon ADS where an administrator clicking a malicious link provided by an attacker could unintentionally execute unwanted actions within their active web session.
Recommendations
Update Progress Flowmon ADS to version 12.5.5 or later.
Update Progress Flowmon ADS to version 13.0.3 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flowmon Ads