cvedb.io
CVE-2021-35489
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2021-11-09T23:15:08.830 · Last modified 2026-06-17T03:57:33.887

Summary

Thruk 2.40-2 is vulnerable to reflected XSS at /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME}&service={SERVICENAME}&backend={BACKEND} via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.

Affected products

thruk — thruk

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.