CVE-2021-35488

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

Thruk 跨站脚本漏洞

Thruk is an open source multi-backend monitoring web interface from the personal developer Sven Nierlein of Germany. cross-site scripting vulnerability exists in Thruk 2.40-2, which stems from the system allowing the storage of XSS. no detailed vulnerability details are currently available...

CVE-2021-35489

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

Cross site scripting

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

CVE-2021-35489

Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...

CVE-2021-35489

CVE-2021-35489 affects Thruk 2.40-2. It is a reflected XSS in extinfo.cgi via the host or service parameter (type=2, host, service, backend). An authenticated user loading the page can trigger arbitrary JavaScript. The exploit details, affected version, and root cause are stated in public records...