@alert3
Last active June 24, 2020 06:36
PRTG Network Monitor - 20.1.56.1574 X64 - Stored XSS
This is a description of a Stored XSS vulnerability found in PRTG Network Monitor - 20.1.56.1574 X64
alert3 commented Jun 23, 2020

Vendor

Paessler https://www.paessler.com/prtg

Product

PRTG Network Monitor - 20.1.56.1574 X64

Author

Amin Rawah

CVE ID

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14073

Description

A malicious user with Read/Write privileges can create a map and then, within 'Map Designer', select 'Properties' and change its HTML by double-clicking on the selected item's HTML before and after. A simple payload such as <svg/onload=alert(1)/> can be inserted to trigger Stored XSS affecting all users with Maps access. Please note that any user who can view the Maps tab and edit maps will be affected by this vulnerability.

alert3 commented Jun 23, 2020

xss
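
An audit check for the issue described above, added here as an example (it is not part of the original gist and is not Paessler code): it parses stored map item HTML and reports markup that can execute script. It goes beyond the single payload in the description by also flagging script-bearing tags and script URLs. The dictionary layout and the field names `html_before` / `html_after` are assumptions, and the sample values are constructed.

```python
from html.parser import HTMLParser

# Elements that run or load active content when the stored HTML is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "meta", "link"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects (kind, tag, attribute) for markup that can execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also reached for <tag ... />
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag, None))
        for name, value in attrs:
            # Browsers ignore whitespace/control characters inside a URL scheme.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS and url.startswith(BAD_SCHEMES):
                self.findings.append(("script-url", tag, name))


def audit_fragment(fragment):
    """Return the findings for one stored HTML value."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


def audit_map_items(items):
    """items: {item_id: {"html_before": str, "html_after": str}} (assumed layout)."""
    report = {}
    for item_id, props in items.items():
        for field, fragment in props.items():
            hits = audit_fragment(fragment)
            if hits:
                report[(item_id, field)] = hits
    return report


# Constructed sample data; the first value is the payload quoted in the description.
SAMPLE_ITEMS = {
    "item-1": {"html_before": "<svg/onload=alert(1)/>", "html_after": ""},
    "item-2": {"html_before": "<b>Core switch</b>", "html_after": "<br>"},
    "item-3": {"html_before": "", "html_after": '<a href="java&#09;script:x()">s</a>'},
}
```

Calling `audit_map_items(SAMPLE_ITEMS)` reports `item-1` and `item-3` and leaves the plain-formatting item unflagged. Any hit on a map created by a Read/Write user is worth reviewing before other users open the Maps tab.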
