CVE-2017-12879 Information

Description

Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://drive.google.com/open?id=0B6WbMqXSfqQFODZHUGtLdzU3eDA https://www.paessler.com/prtg/history/preview https://www.paessler.com/prtg/history/stable https://youtu.be/QOLdH2oey8Q

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4