CVE-2020-14073
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 2.9%
from disclosure to weapon162 days
Published on NVDJun 23
1st PoC+162d
exploitation probability
2.9%top 15% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49156unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/160312/PRTG-Network-Monitor-20.4.63.1412-Cross-Site-Scripting.htmlhttps://gist.github.com/alert3/e058baa33c31695f4168a1dbf77103dfhttps://kb.paessler.com/en/topic/88223-what-s-the-open-vulnerability-report-cve-2020-14073-that-my-security-tracker-informed-me-abouthttps://www.paessler.com/prtg/history/stable