Security Advisory

CVE-2021-35489

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-09 22:28:52

Last updated 2024-08-04 00:40:47

Assigner mitre

State PUBLISHED

Description

Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.

← Browse all CVEs View on cve.org ↗