PRTG Network Monitor - 20.1.56.1574 X64 - Stored XSS
Vendor
Paessler https://www.paessler.com/prtg
Product
PRTG Network Monitor - 20.1.56.1574 X64
Author
Amin Rawah
CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14073
Description
A malicious user with Read/Write privileges can create a map and then, within 'Map Designer', select 'Properties' and change the HTML by double-clicking the selected item's 'HTML before' and 'HTML after' fields. A simple payload such as <svg/onload=alert(1)/> can be inserted to trigger stored XSS affecting all users with Maps access. Please note that any user who can view the Maps tab and edit maps will be affected by this vulnerability.
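
A defensive audit for the issue described above, as an added example that is not part of the original advisory or of Paessler's code: it parses the HTML stored with each map item and flags script-capable markup. The item dictionaries and their keys (name, html_before, html_after) are assumptions for illustration; exporting the values from PRTG is not covered.

```python
from html.parser import HTMLParser

# Elements that run or load active content on their own.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL that may carry a script scheme.
URL_ATTRS = {"href", "src", "xlink:href", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects script-capable constructs found in an HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags are dispatched here too (HTMLParser default).
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # onload, onerror, ...; broad on purpose
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters before reading the scheme.
                url = "".join(c for c in value if c > " ").lower()
                if url.startswith(("javascript:", "data:text/html")):
                    self.findings.append(f"script URL in {name} on <{tag}>")


def audit_fragment(fragment):
    """Return the list of findings for one stored HTML value."""
    finder = ActiveContentFinder()
    finder.feed(fragment or "")
    finder.close()
    return finder.findings


def audit_map_items(items):
    """items: dicts with hypothetical keys name, html_before, html_after."""
    report = {}
    for item in items:
        for field in ("html_before", "html_after"):
            found = audit_fragment(item.get(field))
            if found:
                report[(item["name"], field)] = found
    return report


# Constructed sample data; the flagged value is the payload quoted in the advisory.
SAMPLE_ITEMS = [
    {"name": "core-switch", "html_before": "<b>Core switch</b>", "html_after": ""},
    {"name": "edge-router", "html_before": "<svg/onload=alert(1)/>",
     "html_after": "<a href='https://example.com/'>docs</a>"},
]
```

A hit is a prompt to review the map and the account that edited it; the fix itself is output encoding or sanitisation in the product.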