Vulnerability Description
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paessler | Prtg Network Monitor | 20.1.56.1574 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-CrExploitThird Party AdvisoryVDB Entry
- https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103dfExploitThird Party Advisory
- https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-Vendor Advisory
- https://www.paessler.com/prtg/history/stableRelease NotesVendor Advisory
- http://packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-CrExploitThird Party AdvisoryVDB Entry
- https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103dfExploitThird Party Advisory
- https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-Vendor Advisory
- https://www.paessler.com/prtg/history/stableRelease NotesVendor Advisory
FAQ
What is CVE-2020-14073?
CVE-2020-14073 is a vulnerability with a CVSS score of 5.4 (MEDIUM). XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScrip...
How severe is CVE-2020-14073?
CVE-2020-14073 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14073?
Check the references section above for vendor advisories and patch information. Affected products include: Paessler Prtg Network Monitor.