CVE-2023-26100 - Reflected XSS vulnerability in FMC Analysis

1. Vulnerability Properties

Title: Reflected XSS vulnerability in FMC Analysis
CVE ID: CVE-2023-26100
CVSSv3 Base Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Vendor: Progress
Products: Flowmon FPI
Advisory Release Date: 19-04-2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-26100
Credits: Discovery by Caio Farias <caio.farias[at]devoteam.com>

2. Vulnerability Summary

In Flowmon OS 12.1.1 is detected Cross-site Scripting (XSS) vulnerability in the Monitoring Center -> Analysis

3. Vulnerable Versions

  • <=12.1.1

4. Solution

  • Fix is included in the Flowmon OS 12.2.4 and higher

5. Vulnerability Timeline

  • 02/Nov/22  -  Bug reported to Progress
  • 09/Nov/22 - Bug verified by vendor
  • 19/Apr/23 - Advisory released

6. References

  • https://support.kemptechnologies.com/hc/en-us/articles/12736934205837
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26100


© 2024 INTEGRITY S.A. All rights reserved. | Cookie Policy

Cookie Consent X

Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.