Skip to content

Instantly share code, notes, and snippets.

@alert3

alert3/main.txt

Last active Jun 24, 2020
Embed
What would you like to do?
PRTG Network Monitor - 20.1.56.1574 X64 - Stored XSS
This is a description of Stored XSS vulnerability found in PRTG Network Monitor - 20.1.56.1574 X64
@alert3

This comment has been minimized.

Copy link
Owner Author

@alert3 alert3 commented Jun 23, 2020

Vendor

Paessler https://www.paessler.com/prtg

Product

PRTG Network Monitor - 20.1.56.1574 X64

Author

Amin Rawah

CVE ID

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14073

Description

A malicious user with privilege to Read/Write can create a map then within 'Map Designer' The attacker can select 'Properties' and change their HTML by double clicking on the selected Item HTML before and after. A simple payload can be inserted <svg/onload=alert(1)/> to trigger Stored XSS affecting all users with Maps access. Please note that, any users can view Maps tab and edit maps will be affected by this vulnerability

@alert3

This comment has been minimized.

Copy link
Owner Author

@alert3 alert3 commented Jun 23, 2020

xss

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.