The Exploit

Notes from the Front Lines of Penetration Testing

PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

Posted on

Categories: ,
PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
Vulnerability Summary

Recently, I discovered a stored Cross-Site Scripting vulnerability in PRTG Network Monitor Version 21.1.66.1623+. The vulnerability exists in the email field of user details on the “User Accounts” page at /systemsetup.htm?tabid=5 when users are loaded from Active Directory. After the page loads, the email field is loaded with unescaped content, allowing malicious JavaScript to be reflected back to the user.

Proof of Concept and Exploitation Details

The vulnerability can be triggered by inserting HTML content, specifically script tags, into the email field of an Active Directory user. The following was inserted as a proof of concept to reflect the user’s cookie in an alert box:

<script>alert(document.cookie)</script>

 An example of this on one such user can be seen in the image below:

Stored XSS Payload

After loading the list of users, the HTML is then presented unescaped on the web page, which allows the script tags to be loaded as valid JavaScript. The unescaped HTML, as it loads in the browser, is seen in the next image:

Unescaped JavaScript Tags

Once the page loads, the JavaScript executes, displaying the user’s cookie to the screen, as shown in this picture:

XSS Payload Execution to Display User’s Cookie in an Alert Box
Vulnerable Software Version

Raxis discovered this vulnerability on PRTG Network Monitor version 21.1.66.1623+.

Remediating the Vulnerability

Upgrade PRTG Network Monitor to Version 21.3.69.1333 or later immediately. The release notes and upgrade instructions can be found here: https://www.paessler.com/prtg/history/stable#21.3.69.1333.

Disclosure Timeline
  • March 22, 2021 – Vulnerability reported to Paessler Technologies.
  • March 25, 2021 – Vulnerability confirmed by Paessler Technologies.
  • April 12, 2021 – CVE-2021-29643 assigned to this vulnerability.
  • July 6, 2021 – Paessler releases version 21.3.69.1333 to address this vulnerability.
CVE Links & More

 

 


Raxis Research Team

Also by Raxis Research Team

Human Vs AI Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Ready To See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.