PRTG Network Monitor Tool – Cross Site Scripting Vulnerability

Vulnerable Version : 15.1.15.2021
Vendor Patch : 2-June-2015
CVE-ID : 2015-3445
Vendor Notification : 3-June-2015
Vulnerability Type : Cross Site Scripting Vulnerability
Risk Level : Critical
Reported By – Sachin wagh (@tiger_tigerboy)
Email : wsachin092@gmail.com

PRTG Network Monitor is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Vulnerable URLs :

  1. http://127.0.0.1/error.htm?errormsg=
  2. http://127.0.0.1/group.htm?id=2009&tabid=9

XSS Payload :

' "><img src=a onerror=prompt(document.domain);>

Figure : Cross Site Scripting

PRTG Network Monitor 15.1.15.2021+ is vulnerable. It is recommended to check your PRTG installation for this version via the Auto Update dialog. For more detail, please contact the vendor.
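
The missing output encoding described above, shown as an added example (not PRTG code and not part of the original advisory). The template and function names are hypothetical; the sketch assumes the errormsg value is reflected into both an attribute and element text, and it parses the result to count the elements a browser would create from the advisory's test string.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical template (assumption): value reflected in an attribute and in text.
TEMPLATE = '<div class="err" title="{msg}"><p>{msg}</p></div>'
# Test string quoted from the advisory, URL-encoded onto the advisory's first URL.
PAYLOAD = "' \"><img src=a onerror=prompt(document.domain);>"
SAMPLE_URL = "http://127.0.0.1/error.htm?errormsg=" + quote(PAYLOAD)


def errormsg_from_url(url):
    """Return the decoded errormsg query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("errormsg", [""])[0]


def render_unsafe(url):
    """Reflect the parameter verbatim: the behaviour the advisory reports."""
    return TEMPLATE.format(msg=errormsg_from_url(url))


def render_encoded(url):
    """Encode & < > " ' so the value stays data in text and quoted attributes."""
    return TEMPLATE.format(msg=html.escape(errormsg_from_url(url), quote=True))


class _TagCounter(HTMLParser):
    """Collects the names of every start tag the parser recognises."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def parsed_tags(markup):
    """List the elements a parser builds from the markup, in document order."""
    counter = _TagCounter()
    counter.feed(markup)
    counter.close()
    return counter.tags


if __name__ == "__main__":
    print("unsafe :", parsed_tags(render_unsafe(SAMPLE_URL)))
    print("encoded:", parsed_tags(render_encoded(SAMPLE_URL)))
```

Only the template's own div and p elements survive in the encoded rendering; the same check can serve as a regression test after applying the vendor update.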
