CVE-2023-26100 - XSS vulnerability in FMC Analysis

 

Information

 

Summary:

There is a cross-site scripting (XSS) vulnerability in FMC Analysis.

Environment:

Product: Flowmon OS

Version: 12.1.1

Platform: All

Question/Problem Description:

A cross-site scripting (XSS) vulnerability was detected in Flowmon OS 12.1.1, in Monitoring Center -> Analysis.

CVSS: 4.6

Discoverer Credits: HackerOne - g3n3

Steps to Reproduce:  
Error Message:  
Defect Number: FLMON-3642, CVE-2023-26100
Enhancement Number:  
Cause:

In Flowmon versions prior to 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.

Resolution: The fix is included in Flowmon OS 12.2.4 and higher.
Workaround:  
Notes:  
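
The following is an added example for triaging an appliance inventory against the two version boundaries this article states (Cause: prior to 12.2.0; Resolution: 12.2.4 and higher); it is not vendor-supplied code. The hostnames, the sample versions and the status labels are assumptions made for illustration, and versions from 12.2.0 through 12.2.3 are conservatively flagged for upgrade because they sit below the stated fix release.

```python
import re

# Thresholds taken from the advisory text.
CAUSE_THRESHOLD = (12, 2, 0)   # "versions prior to 12.2.0" (Cause)
FIXED_THRESHOLD = (12, 2, 4)   # "12.2.4 and higher" (Resolution)

_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch), or None if no leading version number."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    return tuple(int(part) if part else 0 for part in match.groups())


def classify(version_text):
    """Map one reported Flowmon OS version to a triage status."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"            # check the appliance by hand
    if version >= FIXED_THRESHOLD:
        return "fixed"
    if version < CAUSE_THRESHOLD:
        return "affected"
    # 12.2.0 to 12.2.3: outside the Cause range but below the stated fix
    return "upgrade-recommended"


def triage(inventory):
    """inventory: hostname -> version string. Returns status -> sorted hosts."""
    report = {}
    for host, version_text in inventory.items():
        report.setdefault(classify(version_text), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    sample = {
        "collector-a": "12.1.1",
        "collector-b": "12.2.2",
        "collector-c": "12.2.4",
        "collector-d": "12.03.0",
        "collector-e": "n/a",
    }
    for status, hosts in sorted(triage(sample).items()):
        print(f"{status}: {', '.join(hosts)}")
```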
