Lucene search

[email protected]NVD:CVE-2020-14073

HistoryJun 23, 2020 - 8:15 p.m.

CVE-2020-14073

2020-06-2320:15:12

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

80.0%

JSON

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.

Affected configurations

Nvd

Node

paesslerprtg_network_monitorMatch20.1.56.1574

References

packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-Cross-Site-Scripting.html

gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df

kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about

www.paessler.com/prtg/history/stable

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

80.0%

JSON

Related for NVD:CVE-2020-14073

cve1 cvelist1 prion1 openvas1 packetstorm1 exploitdb1