PT-2021-18380 · Microsoft+1 · Active Directory+1

Matt Dunn · Published 2021-09-13 · Updated 2021-09-22 · CVE-2021-29643

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PRTG Network Monitor versions prior to 21.3.69.1333

Description

The issue allows stored XSS via a string imported from a User Object in a connected Active Directory instance. The imported string is not properly sanitized.

Recommendations

Update to version 21.3.69.1333 or later to resolve the issue. As a temporary workaround, consider restricting the import of unsanitized strings from connected Active Directory instances to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-29643

Affected Products

Active Directory
PRTG Network Monitor