RSS   Podatności dla 'Thruk'   RSS

2021-12-15
 
CVE-2021-35490

CWE-79
 

 
Thruk 2.40-2 allows stored XSS.

 
2021-11-09
 
CVE-2021-35488

CWE-79
 

 
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.

 
 
CVE-2021-35489

CWE-79
 

 
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.

 


Copyright 2024, cxsecurity.com

 

Back to Top