CVE-2020-14073

MEDIUM

Paessler Prtg Network Monitor - XSS

Title source: rule

Description

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.

Exploits (1)

exploitdb WORKING POC

by Amin Rawah · textwebappswindows

https://www.exploit-db.com/exploits/49156

View Code ZIP pw:eip

References (4)

[Release Notes, Vendor Advisory] https://www.paessler.com/prtg/history/stable

[Exploit, Third Party Advisory] https://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103df

[Vendor Advisory] https://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-about

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0095

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

paessler/prtg_network_monitor 20.1.56.1574

Published Jun 23, 2020

Tracked Since Feb 18, 2026