Last active
June 24, 2020 06:36
PRTG Network Monitor - 20.1.56.1574 X64 - Stored XSS
This is a description of a Stored XSS vulnerability found in PRTG Network Monitor - 20.1.56.1574 X64.
Vendor
Paessler https://www.paessler.com/prtg
Product
PRTG Network Monitor - 20.1.56.1574 X64
Author
Amin Rawah
CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14073
Description
A malicious user with Read/Write privileges can create a map and then, within 'Map Designer', select 'Properties' and change an item's HTML by double-clicking the selected item's 'HTML before' and 'HTML after'. A simple payload such as <svg/onload=alert(1)/> can be inserted to trigger Stored XSS affecting all users with Maps access. Note that any user who can view the Maps tab and edit maps is affected by this vulnerability.
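
A defender-side audit for the stored markup described above, as an added example that is not part of the original advisory or of PRTG's code: it parses each user-supplied HTML fragment and reports event-handler attributes, script-capable elements and `javascript:` URLs, which goes beyond the single payload shown. The record layout, the field names `html_before`/`html_after` and the element deny-list are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Elements that can run or load code; an assumed deny-list for this audit.
ACTIVE_ELEMENTS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class _ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_ELEMENTS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters before comparing the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_fragment(fragment):
    """Return a list of active-content findings for one HTML fragment."""
    finder = _ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


def audit_map_items(items):
    """Return {(item id, field): findings} for every field holding active content."""
    report = {}
    for item in items:
        for field in ("html_before", "html_after"):
            findings = audit_fragment(item.get(field, ""))
            if findings:
                report[(item["id"], field)] = findings
    return report

# Constructed sample records; the field names are hypothetical.
SAMPLE_ITEMS = [
    {"id": 1, "html_before": "<div class='title'>Core switches</div>", "html_after": ""},
    {"id": 2, "html_before": "<svg/onload=alert(1)/>", "html_after": "<b>ok</b>"},
    {"id": 3, "html_before": "", "html_after": "<a href='JavaScript:void(0)'>status</a>"},
]
```

Calling `audit_map_items(SAMPLE_ITEMS)` flags items 2 and 3 and leaves the plain markup in item 1 alone.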