Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application

Description

A vulnerability classified as problematic has been found in Progress Flowmon up to up to 12.5.7/13.0.5. Affected by this vulnerability is an unknown functionality of the component Link Handler. This manipulation causes cross site scripting. The attack can be initiated remotely.

Affected Products

Vendor	Product	Versions
progress	flowmon	Flowmon 12 versions prior to 12.5.8, Flowmon 13 versions prior to 13.0.6, Flowmon 12 versions prior to 12.5.7, Flowmon 13 versions prior to 13.0.5

References

https://community.progress.com/s/article/CVE-2026-2737-Progress-Flowmon(vendor-advisory)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-2737 | Progress Flowmon up to up to 12.5.7/13.0.5 Link cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://community.progress.com/s/article/CVE-2026-2737-Progress-Flowmon

CWECWE-79

PublishedApr 2, 2026

Last enriched5h agov2

Trending Score32

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated description with new technical details, changed severity to HIGH, and updated affected versions to 12.5.7 and 13.0.5.

descriptionseverityaffectedVersions

via VulDB

v16h ago

Initial creation

Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History