CVE-2021-35489
CVE-2021-35489 affects Thruk 2.40-2. It is a reflected XSS in extinfo.cgi via the host or service parameter (type=2, host, service, backend). An authenticated user loading the page can trigger arbitrary JavaScript. The exploit details, affected version, and root cause are stated in public records...