Security Advisory

CVE-2021-35488

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-09 22:29:41

Last updated 2024-08-04 00:40:46

Assigner mitre

State PUBLISHED

Description

Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.

← Browse all CVEs View on cve.org ↗