CVE-2021-35488 in Thrukinfo

Zusammenfassung

von MITRE • 10.11.2021

Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

24.06.2021

Veröffentlichung

10.11.2021

Moderieren

akzeptiert

Eintrag

VDB-186431

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

6.1 (NVD)

EPSS

0.12795

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-35488
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-35488
CVE Details	https://www.cvedetails.com/cve/CVE-2021-35488/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!