Progress Flowmon ADS Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3. This issue allows an adversary with access to Flowmon monitoring ports to craft malicious network data. When this data is processed by Flowmon ADS and viewed by an authenticated user, it could trigger unintended actions in the user's browser context.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the execution of malicious scripts in the context of the user's session.

Remediation

Users are advised to upgrade to Progress Flowmon ADS versions 12.5.5 or 13.0.3. The upgrade should be performed using the full installer, as this is the only method to address the vulnerability. Upgrade packages are available through the Progress Community or via the Progress Community Portal.