CVE-2020-14073

MEDIUM

PRTG Network Monitor 20.1.56.1574 - Authenticated Stored Cross-Site Scripting via Map Designer Properties

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14073. PoCs published by Amin Rawah.

AI-analyzed exploit summary: This exploit leverages a stored XSS vulnerability in PRTG Network Monitor's 'maps' feature to escalate privileges to PRTG Administrator by injecting a malicious form that submits a POST request to modify user settings.

Description

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.

Exploits (1)

exploitdb WORKING POC
by Amin Rawah · text · webapps · windows
https://www.exploit-db.com/exploits/49156

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: PRTG Network Monitor 20.4.63.1412
Auth required
Prerequisites: Valid PRTG user credentials · Access to create/modify maps · Knowledge of the target's currentUserId
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0286
EPSS Percentile: 84.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): paessler/prtg_network_monitor 20.1.56.1574
Published: Jun 23, 2020
Tracked Since: Feb 18, 2026