CVE-2022-35739 is a medium-severity vulnerability affecting PRTG Network Monitor versions up to 22.2.77.2204. The issue arises because the software does not properly sanitize custom input for a device's icon, allowing an attacker to insert arbitrary Cascading Style Sheets (CSS) content into the style tag associated with that device. When the device page is loaded, this malicious CSS is injected into the page's style tag. However, due to PRTG Network Monitor's filtering of certain characters and modern browsers' security measures that disable JavaScript execution within style tags, this vulnerability cannot be escalated into a Cross-Site Scripting (XSS) attack. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating a cross-site scripting-related weakness, but the impact is limited to confidentiality as no code execution or integrity/availability impact is reported. The CVSS v3.1 base score is 5.3 (medium), with the vector indicating network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and limited confidentiality impact. No known exploits are reported in the wild, and no patches or vendor advisories are linked in the provided data. This vulnerability could potentially allow an attacker to manipulate the visual presentation of the device page, possibly misleading users or exfiltrating information via CSS-based side channels, but it does not allow direct code execution or session hijacking.

For European organizations using PRTG Network Monitor, this vulnerability poses a moderate risk primarily to confidentiality. An attacker with network access to the monitoring interface could inject malicious CSS that alters the appearance of device pages, potentially misleading administrators or causing confusion. Although the vulnerability does not allow JavaScript execution or direct code injection, CSS-based attacks can sometimes be leveraged for information disclosure or UI redressing attacks. Given that PRTG is widely used for network monitoring in critical infrastructure and enterprise environments, any manipulation of monitoring data presentation could impact operational awareness. However, the lack of code execution and the requirement for network access to the monitoring interface limit the potential impact. Organizations with exposed or poorly segmented monitoring interfaces are at higher risk. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. Overall, the threat is moderate but should be addressed to maintain trust in monitoring data and prevent potential indirect attacks.

To mitigate this vulnerability, European organizations should first ensure that their PRTG Network Monitor installations are not exposed to untrusted networks or the public internet. Network segmentation and firewall rules should restrict access to the monitoring interface to authorized personnel only. Administrators should monitor for unusual or unauthorized changes to device icons or configurations that could indicate exploitation attempts. Although no official patch is referenced, organizations should check with Paessler (the vendor of PRTG) for any updates or patches addressing this issue and apply them promptly. Additionally, implementing Content Security Policy (CSP) headers that restrict style sources and disallow inline styles could reduce the impact of injected CSS. Regular security audits and input validation reviews on custom inputs in PRTG configurations can help detect and prevent similar issues. Finally, educating administrators about this vulnerability and encouraging vigilance when reviewing device page appearances can help detect potential misuse.