PRTG Network Monitor
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9276 | Hig | 0.69 | 7.2 | 0.87 | KEV | Jul 2, 2018 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed… | |
| CVE-2017-15651 | Med | 0.44 | 6.7 | 0.01 | Oct 20, 2017 | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | ||
| CVE-2017-15009 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2017 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | ||
| CVE-2017-15360 | Med | 0.35 | 5.4 | 0.01 | Oct 15, 2017 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | ||
| CVE-2017-15008 | Med | 0.31 | 4.8 | 0.01 | Oct 4, 2017 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | ||
| CVE-2019-9206 | 0.00 | — | 0.01 | Dec 31, 2019 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. |
- risk 0.69cvss 7.2epss 0.87
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed…
- risk 0.44cvss 6.7epss 0.01
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.
- risk 0.40cvss 6.1epss 0.01
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
- risk 0.35cvss 5.4epss 0.01
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
- risk 0.31cvss 4.8epss 0.01
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
- CVE-2019-9206Dec 31, 2019risk 0.00cvss —epss 0.01
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued.