XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df | Exploit Third Party Advisory |
https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about | Vendor Advisory |
https://www.paessler.com/prtg/history/stable | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-23T19:09:54
Updated: 2020-12-02T19:06:13
Reserved: 2020-06-15T00:00:00
Link: CVE-2020-14073
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-23T20:15:12.473
Modified: 2023-01-27T20:30:14.927
Link: CVE-2020-14073
JSON object: View
Redhat Information
No data.
CWE