Vulnerability Description
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor blocks the " character and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paessler | PRTG Network Monitor | < 22.3.79.2108 |
Related Weaknesses (CWE)
References
- https://raxis.com/blog/cve-2022-35739 (Exploit, Third Party Advisory)
- https://www.paessler.com/prtg/history/stable (Release Notes, Vendor Advisory)
FAQ
What is CVE-2022-35739?
CVE-2022-35739 is a vulnerability with a CVSS score of 5.3 (MEDIUM). PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page ...
How severe is CVE-2022-35739?
CVE-2022-35739 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35739?
Check the references section above for vendor advisories and patch information. Affected products include: Paessler PRTG Network Monitor.