Paessler PRTG Network Monitor vulnerabilities
39 known vulnerabilities affecting paessler/prtg_network_monitor.
Total CVEs: 39
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 27
Vulnerabilities
Page 2 of 2
CVE-2025-67833 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 25.4.114.1032 | 2026-01-14
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.
nvd
CVE-2021-27220 | P4 | MEDIUM | CVSS 5.3 | fixed in 21.1.66.1623 | 2021-03-31
An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.
nvd
CVE-2025-67834 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 25.4.114.1032 | 2026-01-14
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.
nvd
CVE-2022-35739 | P4 | MEDIUM | CVSS 5.3 | CWE-79 | fixed in 22.3.79.2108 | 2022-10-25
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing
nvd
CVE-2019-9206 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.1.3.3378 | 2019-12-31
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued.
nvd
CVE-2021-29643 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 21.3.69.1333 | 2021-09-13
PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance.
nvd
CVE-2023-31449 | P4 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 23.3.86.1520 | 2023-08-09
A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside
nvd
CVE-2023-31448 | P4 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 23.3.86.1520 | 2023-08-09
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designate
nvd
CVE-2023-31450 | P4 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 23.3.86.1520 | 2023-08-09
A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the d
nvd
CVE-2019-9207 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.1.3.3378 | 2019-12-31
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.
nvd
CVE-2018-14683 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 19.1.49.1966 | 2019-04-10
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.
nvd
CVE-2017-12879 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 17.3.33 | 2017-08-24
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
nvd
CVE-2019-19119 | P4 | MEDIUM | CVSS 5.5 | CWE-522 | ≥ 7.0, ≤ 19.4.53. | 2020-02-03
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
nvd
CVE-2017-9816 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 17.2.32.2206 | 2017-08-18
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-5078 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 16.2.24.3791 | 2017-04-10
Paessler PRTG before 16.2.24.4045 has XSS via SNMP.
nvd
CVE-2017-15360 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v17.3.33.2830 | 2017-10-15
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
nvd
CVE-2017-15009 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v17.3.33.2830 | 2017-10-04
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
nvd
CVE-2021-34547 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | v20.1.55.1775 | 2021-06-10
PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation.
nvd
CVE-2017-15008 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v17.3.33.2830 | 2017-10-04
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
nvd