Skip to content

Instantly share code, notes, and snippets.

@alert3

alert3/main.txt

Last active Jun 24, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
PRTG Network Monitor - 20.1.56.1574 X64 - Stored XSS
Raw
main.txt
This is a description of Stored XSS vulnerability found in PRTG Network Monitor - 20.1.56.1574 X64
@alert3

This comment has been minimized.

Sign in to view
Copy link
Owner Author

@alert3 alert3 commented Jun 23, 2020
edited

Vendor

Paessler https://www.paessler.com/prtg

Product

PRTG Network Monitor - 20.1.56.1574 X64

Author

Amin Rawah

CVE ID

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14073

Description

A malicious user with privilege to Read/Write can create a map then within 'Map Designer' The attacker can select 'Properties' and change their HTML by double clicking on the selected Item HTML before and after. A simple payload can be inserted <svg/onload=alert(1)/> to trigger Stored XSS affecting all users with Maps access. Please note that, any users can view Maps tab and edit maps will be affected by this vulnerability
@alert3

This comment has been minimized.

Sign in to view
Copy link
Owner Author

@alert3 alert3 commented Jun 23, 2020

xss
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment