XSS in Progress Software Flowmon
CVE-2026-2737
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web sessio…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (0.0th percentile) — read the EPSS interpretation.
Affected products
- Progress Software Flowmon — versions Flowmon 12 versions prior to 12.5.8, Flowmon 13 versions prior to 13.0.6
Weakness classification (CWE)
References
- community.progress.com/s/article/CVE-2026-2737-Progress-Flowmon (vendor-advisory)