Progress Flowmon Cross-Site Scripting Vulnerability Allowing Session Hijacking

Vulnerability

A cross-site scripting vulnerability has been identified in Progress Flowmon versions prior to 12.5.8 and 13.0.6. This issue allows an attacker to craft a malicious link that, when clicked by an administrator, can trigger unintended actions within the administrator's authenticated web session.

Impact

Exploiting this cross-site scripting vulnerability could allow session hijacking or unauthorized actions within the user's session.

Remediation

Users are advised to upgrade to Progress Flowmon versions 12.5.8 or 13.0.6. Upgrade packages are available through the Progress Community or the Progress Community Portal. Note that upgrading to a patched release using the full installer is the only way to address this vulnerability, and there will be a system outage during the upgrade.
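
To find which appliances still need the upgrade, the version thresholds above can be applied to an inventory. The following is an added example, not Progress code: the host names and version strings are constructed, and it assumes versions are reported as three dot-separated numbers, that branches older than 12 count as "prior to 12.5.8", and that branches newer than 13 are outside what this advisory covers.

```python
import re

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {12: (12, 5, 8), 13: (13, 0, 6)}


def parse_version(text):
    """Return (major, minor, patch) for a string such as '12.5.7', else None."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_text):
    """Return 'fixed', 'affected' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never report an unparseable version as safe
    major = version[0]
    if major > max(FIXED):
        return "unknown"  # assumption: newer branches are not covered here
    # Assumption: anything below branch 12 is "prior to 12.5.8".
    threshold = FIXED.get(major, FIXED[12])
    return "fixed" if version >= threshold else "affected"


def needs_attention(inventory):
    """Map host -> status for every host that is not confirmed fixed."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    return {host: s for host, s in sorted(statuses.items()) if s != "fixed"}


# Constructed sample inventory (host name -> version string as reported).
SAMPLE_INVENTORY = {
    "flowmon-a.example": "12.5.7",
    "flowmon-b.example": "12.5.8",
    "flowmon-c.example": "13.0.5",
    "flowmon-d.example": "13.0.6",
    "flowmon-e.example": "not reported",
}

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.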

Added: Apr 2, 2026, 2:32 PM
Updated: Apr 2, 2026, 2:32 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.