3 matches found
CVE-2021-35488
Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...
Cross site scripting
Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...
CVE-2021-35489
Thruk 2.40-2 allows /thruk/cgi-bin/extinfo.cgi?type=2&host=HOSTNAME&service=SERVICENAME&backend=BACKEND Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browse...