How severe is CVE-2024-12833?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-12833?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-12833 - HIGH Severity | CVSS 8

Vulnerability Description

Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371.

Related Vulnerabilities

CVE-2017-10612

HIGH

CVSS:8.0(High)

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal informati...

CWE-792017

CVE-2019-1583

HIGH

CVSS:8.0(High)

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another use...

CWE-792019

CVE-2019-17333

HIGH

CVSS:8.0(High)

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releas...

CWE-792019

CVE-2020-35936

HIGH

CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotel...

CWE-792020

CVE-2020-35937

HIGH

CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a re...

CWE-792020

CVE-2020-5398

HIGH

CVSS:8.0(High)

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it s...

CWE-792020