Vulnerabilities > Paessler > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-05 CVE-2020-11547 Missing Authentication for Critical Function vulnerability in Paessler Prtg Network Monitor
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
network
low complexity
paessler CWE-306
5.3
5.3
2020-02-03 CVE-2019-19119 Insufficiently Protected Credentials vulnerability in Paessler Prtg Network Monitor
An issue was discovered in PRTG 7.x through 19.4.53.
local
low complexity
paessler CWE-522
5.5
5.5
2019-12-31 CVE-2019-9207 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 7.1.3.3378
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter.
network
low complexity
paessler CWE-79
6.1
6.1
2019-12-31 CVE-2019-9206 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 7.1.3.3378
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter.
network
low complexity
paessler CWE-79
6.1
6.1
2019-04-10 CVE-2018-14683 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.
network
low complexity
paessler CWE-79
6.1
6.1
2017-10-26 CVE-2017-15917 Improper Privilege Management vulnerability in Paessler Prtg Network Monitor 17.3.33.2830
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
network
low complexity
paessler CWE-269
6.5
6.5
2017-10-20 CVE-2017-15651 Improper Input Validation vulnerability in Paessler Prtg Network Monitor 17.3.33.2830
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.
local
low complexity
paessler CWE-20
6.7
6.7
2017-10-15 CVE-2017-15360 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
network
low complexity
paessler CWE-79
5.4
5.4
2017-10-04 CVE-2017-15009 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
network
low complexity
paessler CWE-79
6.1
6.1
2017-10-04 CVE-2017-15008 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
network
low complexity
paessler CWE-79
4.8
4.8