CVE-2021-35488 in Thruk정보

요약

\~에 의해 MITRE • 2021. 11. 10.

Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2021. 06. 24.

공개

2021. 11. 10.

모더레이션

수락

항목

VDB-186431

CPE

준비됨

CWE

CWE-79 (확인됨)

CVSS

6.1 (NVD)

EPSS

0.12795

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-35488
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-35488
CVE Details	https://www.cvedetails.com/cve/CVE-2021-35488/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!