Vulnerable Version : 18.104.22.1681
Vendor Patch : 2-June-2015
CVE-ID : 2015-3445
Vendor Notification : 3-June-2015
Vulnerability Type : Cross Site Scripting Vulnerability
Risk Level : Critical
Reported By : Sachin Wagh (@tiger_tigerboy)
Email : firstname.lastname@example.org
PRTG Network Monitor is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Vulnerable URLs :
XSS Payload :
' "><img src=a onerror=prompt(document.domain);>
PRTG Network Monitor 22.214.171.1241+ is vulnerable. It is recommended to check your PRTG installation for this version via the Auto Update dialog. For more detail, please contact the vendor.
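The missing output encoding described above, shown as an added example (not PRTG's code and not part of the original advisory). The function names, the `q` field and the input template are hypothetical; the test string is the payload quoted in the advisory.

```javascript
// Constructed input: the payload string quoted in the advisory.
const ADVISORY_PAYLOAD = '\' "><img src=a onerror=prompt(document.domain);>';

// The five characters that can end an attribute value or open a tag.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for use in HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern (hypothetical template): the request value is
// concatenated straight into markup, so a quote followed by ">" closes
// the attribute and the tag, and the rest is parsed as new markup.
function renderUnsafe(value) {
  return '<input type="text" name="q" value="' + value + '">';
}

// Hardened pattern: same template, value encoded at the point of output.
function renderSafe(value) {
  return '<input type="text" name="q" value="' + escapeHtml(value) + '">';
}

// Regression-test helper: number of start tags in the rendered markup.
// The template alone produces exactly one (<input>); more means the
// value escaped its attribute.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

function demo() {
  const unsafe = renderUnsafe(ADVISORY_PAYLOAD);
  const safe = renderSafe(ADVISORY_PAYLOAD);
  console.log('unsafe:', unsafe, '-> tags:', countTags(unsafe));
  console.log('safe:  ', safe, '-> tags:', countTags(safe));
}

demo();
```

Encoding at output, per context, is the fix for the class of bug the advisory describes; a check like `countTags` belongs in a regression test for every template that reflects request data.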