CVE-2023-26100 - XSS vulnerability in FMC Analysis
Information
| Summary: |
There is an Cross-site Scripting (XSS) vulnerability in FMC Analysis |
| Environment: |
Product: Flowmon OS Version: 12.1.1 Platform: All |
| Question/Problem Description: |
In Flowmon OS 12.1.1 is detected Cross-site Scripting (XSS) vulnerability in the Monitoring Center -> Analysis CVSS:4.6 Discoverer Credits: HackerOne - g3n3 |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | FLMON-3642, CVE-2023-26100 |
| Enhancement Number: | |
| Cause: |
In Flowmon versions prior to 12.2.0, an application endpoint failed to sanitize user supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. |
| Resolution: | Fix is included in the Flowmon OS 12.2.4 and higher |
| Workaround: | |
| Notes: |
Was this article helpful?
0 out of 0 found this helpful