CVE-2021-29643: 
PRTG Network Monitor vulnerability analysis and mitigation

PRTG Network Monitor before version 21.3.69.1333 was affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2021-29643). The vulnerability was discovered in version 21.1.66.1623+ and existed in the email field of user details on the "User Accounts" page when users are loaded from Active Directory. The issue allowed malicious JavaScript to be reflected back to the user due to unescaped content (Raxis Blog).

The vulnerability could be triggered by inserting HTML content, specifically script tags, into the email field of an Active Directory user. After loading the list of users, the HTML was presented unescaped on the web page, which allowed script tags to be loaded as valid JavaScript. This allowed execution of arbitrary JavaScript code in the context of the user's session (Raxis Blog). The vulnerability has been assigned a CVSS v3.1 score of 5.4 MEDIUM (NVD).

The stored XSS vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' sessions who view the affected page. This could potentially lead to session hijacking, theft of sensitive information, or other malicious actions performed with the privileges of the affected users (Raxis Blog).

The vulnerability was patched in PRTG Network Monitor version 21.3.69.1333. Users are advised to upgrade to this version or later immediately to address the security issue (Paessler Release Notes).