PRTG Network Monitor Tool – Cross Site Scripting Vulnerability

Vulnerable Version :
Vendor Patch : 2-June-2015
CVE-ID : 2015-3445
Vendor Notification : 3-June-2015
Vulnerability Type : Cross Site Scripting Vulnerability
Risk Level : Critical
Reported By – Sachin wagh (@tiger_tigerboy)
Email :

PRTG Network Monitor is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Vulnerable URLs :


XSS Payload :

' "><img src=a onerror=prompt(document.domain);>

Figure : Cross Site Scripting (PRTG XSS)

PRTG Network Monitor is vulnerable. It is recommended to check your PRTG installation for this version via the Auto Update dialog. For more detail, please contact the vendor.
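The sanitization failure described above, shown as an added example that is not PRTG code and not part of the original advisory: the same reflected value is rendered once without and once with output encoding, and a small tag scanner shows which elements a browser would open in each case. The field name `filter` and the HTML template are hypothetical, since the advisory does not list the affected parameters.

```javascript
// Constructed sample: the payload quoted in the advisory (straight quotes).
const PAYLOAD = `' "><img src=a onerror=prompt(document.domain);>`;

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": user input concatenated straight into a double-quoted attribute.
// Hypothetical template; the parameter name "filter" is an assumption.
function renderVulnerable(value) {
  return `<input name="filter" value="${value}">`;
}

// "After": the same template with the value encoded on output.
function renderHardened(value) {
  return `<input name="filter" value="${escapeHtml(value)}">`;
}

// Minimal tag scanner: returns the element names a browser would open,
// skipping quoted attribute values so a '<' inside quotes is not counted.
function openedTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] === '<' && /[a-zA-Z]/.test(html[i + 1] || '')) {
      let j = i + 1;
      while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
      tags.push(html.slice(i + 1, j).toLowerCase());
      let quote = null;
      for (; j < html.length; j++) {
        const c = html[j];
        if (quote) { if (c === quote) quote = null; }
        else if (c === '"' || c === "'") quote = c;
        else if (c === '>') break;
      }
      i = j + 1;
    } else {
      i++;
    }
  }
  return tags;
}

console.log(openedTags(renderVulnerable(PAYLOAD))); // [ 'input', 'img' ]
console.log(openedTags(renderHardened(PAYLOAD)));   // [ 'input' ]
```

The leading `'` and `"` in the payload close an attribute value in either quoting style, which is why both quote characters are encoded along with `<`, `>` and `&`.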