CVE-2023-26100: XSS
First published: Fri Apr 21 2023(Updated: )
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Flowmon Os | <12.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-26100?
CVE-2023-26100 is a vulnerability in Progress Flowmon before version 12.2.0 that allows for reflected XSS attacks.
How does CVE-2023-26100 affect Flowmon OS?
CVE-2023-26100 affects Flowmon OS versions up to (but not including) version 12.2.0.
What is the severity of CVE-2023-26100?
CVE-2023-26100 has a severity keyword of 'medium' with a CVSS severity score of 6.1.
How can a threat actor exploit CVE-2023-26100?
A threat actor can exploit CVE-2023-26100 by leveraging a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.
Are there any references or resources available for CVE-2023-26100?
Yes, you can find more information about CVE-2023-26100 and its impact on Flowmon at the following references: [Link 1](https://support.kemptechnologies.com/hc/en-us/articles/12736934205837), [Link 2](https://www.flowmon.com/en)
- collector/nvd-index
- vendor/progress
- canonical/progress flowmon os