N/A

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

N/A

N/A

Paessler PRTG Network Monitor 跨站脚本漏洞

Paessler PRTG Network Monitor是德国Paessler公司的一款全功能网络监控管理软件。 PRTG Network Monitor 22.2.77.2204版本存在跨站脚本漏洞，该漏洞源于不会阻止设备图标的自定义输入，可以对其进行修改以将任意内容插入到该设备的样式标签中，当设备页面加载时，任意的CSS数据被插入到样式标签中，从而加载恶意内容。

N/A

N/A