PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.
References
| Link | Resource |
|---|---|
| https://raxis.com/blog/cve-2022-35739 | Exploit Third Party Advisory |
| https://www.paessler.com/prtg/history/stable | Release Notes Vendor Advisory |
Configurations
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 |
28 Oct 2022, 19:51
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| CPE | cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* | |
| First Time |
Paessler prtg Network Monitor
Paessler |
|
| CWE | CWE-74 | |
| References | (MISC) https://www.paessler.com/prtg/history/stable - Release Notes, Vendor Advisory | |
| References | (MISC) https://raxis.com/blog/cve-2022-35739 - Exploit, Third Party Advisory |
27 Oct 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
25 Oct 2022, 17:37
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-10-25 17:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35739
Mitre link : CVE-2022-35739
CVE.ORG link : CVE-2022-35739
JSON object : View
Products Affected
paessler
- prtg_network_monitor
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')