PT-2026-24949 · Progress · Flowmon Ads
Published
2026-03-12
·
Updated
2026-03-13
·
CVE-2026-2514
CVSS v4.0
8.6
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Progress Flowmon ADS versions prior to 12.5.5
Progress Flowmon ADS versions prior to 13.0.3
Description
A security issue exists in Progress Flowmon ADS that allows an attacker with access to Flowmon monitoring ports to create malicious network data. When this data is processed by Flowmon ADS and viewed by an authenticated user, unintended actions can be executed within the user's browser context. The issue involves crafting malicious data that impacts the web application when viewed by a user.
Recommendations
Versions prior to 12.5.5 should be updated to version 12.5.5 or later.
Versions prior to 13.0.3 should be updated to version 13.0.3 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flowmon Ads