CVE-2022-35739

Published: Oct 25, 2022Modified: May 7, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

Affected (1)

Products: Paessler: Prtg Network Monitor

1 product

Prtg Network Monitor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Paessler Prtg Network Monitor	Before 22.3.79.2108

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://raxis.com/blog/cve-2022-35739

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.paessler.com/prtg/history/stable

Source: cve@mitre.org

Release NotesVendor Advisory

https://raxis.com/blog/cve-2022-35739

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.paessler.com/prtg/history/stable

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.