PT-2020-13878 · Paessler · PRTG Network Monitor
Published: 2020-06-23 · Updated: 2023-01-27
CVE-2020-14073
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PRTG Network Monitor version 20.1.56.1574
Description
The issue allows an attacker with Read/Write privileges to create a map and insert JavaScript code using the Map Designer Properties screen. This can be exploited against any user with View Maps or Edit Maps access.
Recommendations
For PRTG Network Monitor version 20.1.56.1574, consider restricting access to the Map Designer Properties screen to prevent the insertion of malicious JavaScript code until a fix is available. As a temporary workaround, limit the privileges of users to prevent them from creating or editing maps.
Exploit
Fix
XSS
Affected Products
PRTG Network Monitor