CVE-2026-2513

Summary

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareFlowmon ADSFlowmon ADS 12 versions prior to 12.5.5affected
Progress SoftwareFlowmon ADSFlowmon ADS 13 versions prior to 13.0.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References