CVE-2022-35739: XSS
First published: Tue Oct 25 2022(Updated: )
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paessler PRTG Traffic Grapher | <22.3.79.2108 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-35739?
CVE-2022-35739 is a vulnerability in PRTG Network Monitor that allows the insertion of arbitrary content into the style tag for a device's icon.
What is the severity of CVE-2022-35739?
The severity of CVE-2022-35739 is medium (5.3).
How does CVE-2022-35739 affect PRTG Network Monitor?
CVE-2022-35739 affects PRTG Network Monitor versions up to 22.2.77.2204.
How can CVE-2022-35739 be exploited?
CVE-2022-35739 can be exploited by modifying the custom input for a device's icon to insert arbitrary content into the style tag, loading malicious Cascading Style Sheets (CSS) data.
Is there a fix for CVE-2022-35739?
Yes, it is recommended to update PRTG Network Monitor to version 22.3.79.2108 or later to fix CVE-2022-35739.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/paessler
- canonical/paessler prtg traffic grapher