CVE-2017-15008 - OpenCVE

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paessler	Prtg Network Monitor

Configuration 1 [-]

cpe:2.3:a:paessler:prtg_network_monitor:17.3.33.2830:*:*:*:*:*:*:*

References

Link	Resource
https://medium.com/stolabs/security-issue-on-prtg-network-manager-ada65b45d37b	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:34

Updated: 2022-10-03T16:23:34

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-15008

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-04T01:29:03.340

Modified: 2017-10-12T15:45:11.750

Link: CVE-2017-15008

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paessler:prtg_network_monitor:17.3.33.2830:*:*:*:*:*:*:*", "matchCriteriaId": "50563838-FE5C-4B0F-BBFE-6D6D8072077D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element."}, {"lang": "es", "value": "La versi\u00f3n 17.3.33.2830 de PRTG Network Monitor es vulnerable a Cross-Site Scripting (XSS) persistente en todos los t\u00edtulos de sensores. Esto se relaciona con una mala gesti\u00f3n de errores para un %00 en el atributo SRC de un elemento IMG."}], "id": "CVE-2017-15008", "lastModified": "2017-10-12T15:45:11.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-04T01:29:03.340", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://medium.com/stolabs/security-issue-on-prtg-network-manager-ada65b45d37b"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}