PRTG Traffic Grapher < 220.127.116.113 / 18.104.22.1684 Cross-Site Scripting Vulnerability
Medium Nessus Network Monitor Plugin ID 5568
Synopsis: The remote host contains a web application that is vulnerable to a cross-site scripting attack.
Description: The remote host is running PRTG Traffic Grapher, a web-based application for monitoring network traffic.
Versions of PRTG Traffic Grapher earlier than 22.214.171.1243 / 126.96.36.1994 are potentially affected by a cross-site scripting vulnerability in the 'url' parameter of the 'login.htm' script. An unauthenticated remote attacker, exploiting this flaw, could execute arbitrary script code in a user's browser.
Solution: Upgrade to PRTG Traffic Grapher 188.8.131.523, 184.108.40.2064, or later.