CVE-2009-1849

CVSS V2 Medium 4.3 CVSS V3 None
Description
Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Overview
  • CVE ID
  • CVE-2009-1849
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2009-06-01T19:30:00
  • Last Modified Date
  • 2009-06-29T04:00:00
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:paessler:prtg_traffic_grapher:*:*:*:*:*:*:*:* 1 OR 6.2.977
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.7.139:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.0.8.154:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.256:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.257:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.265:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.1.0.266:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.356:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.357:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.363:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.0.364:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.385:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.2.1.386:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.470:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.0.471:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.498:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.505:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.510:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.522:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.534:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.562:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:4.3.1.566:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.300:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.310:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.1.356:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.379:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.0.3.398:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.0.452:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.1.1.474:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.548:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.549:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.559:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.560:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.565:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.566:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.574:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.575:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.581:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.2.0.582:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.687:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.738:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.739:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.758:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.759:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.812:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.813:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.833:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.834:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.862:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:5.3.0.863:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.255:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.2.256:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.258:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.259:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.261:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.262:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.284:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.3.285:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.332:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.333:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.335:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.336:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.393:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.4.394:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.417:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.441:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.442:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.450:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.5.451:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.585:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.586:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.601:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.602:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.625:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.626:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.675:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.0.6.676:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.683_beta:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.750:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.751:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.753:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.754:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.756:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.0.757:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.854:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.1.1.855:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.907:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.0.908:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.950:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.951:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.957:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.958:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.963:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher:6.2.1.964:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:paessler:prtg_traffic_grapher6.0.5.416:*:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://blog.bkis.com/?p=704
http://www.securityfocus.com/bid/35128
http://www.paessler.com/support/kb/questions/prtg6history Patch Vendor Advisory
http://secunia.com/advisories/35249 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-1849
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1849
History
Created Old Value New Value Data Type Notes
2022-05-10 11:14:56 Added to TrackCVE