CVE-2021-35488 Scanner
Detects the cross-site scripting (XSS) vulnerability in Thruk that affects v. 2.40-2.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -
Thruk is an open-source monitoring platform utilized for monitoring multiple servers and network services. It is designed to provide an intuitive and modern web interface for centralized monitoring. Thruk facilitates effortless monitoring of critical systems and services, enabling system administrators and IT professionals to detect, diagnose, and rectify errors or issues promptly.
The CVE-2021-35488 vulnerability is a reflected cross-site scripting (XSS) vulnerability identified in Thruk version 2.40-2. The vulnerability is triggered through the host or title parameter of the /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE} URL. An attacker can leverage this vulnerability to inject malicious JavaScript code into the status.cgi page, compromising the security of the system.
When exploited, the CVE-2021-35488 vulnerability permits attackers to execute arbitrary JavaScript code in the context of an authenticated user's browser. This can enable them to perform unauthorized actions on the system, compromise sensitive data, or even launch more advanced attacks like session hijacking or cookie theft. The potential risks of such attacks can be severe, and their impact on the affected user and the organization can be wide-ranging.
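As an added example (not from the original page or the Thruk project), the following log-triage check flags status.cgi requests whose host or title parameter decodes to HTML markup characters. The sample URLs are constructed, and the non-fragment path /thruk/cgi-bin/status.cgi is an assumption about how the request appears in server logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

WATCHED = {"host", "title"}          # parameters named in the description above
MARKUP = re.compile(r"[<>\"'`]")     # characters needed to break out of an HTML context

def _decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flagged_params(url):
    """Return the watched parameters of a status.cgi URL that carry markup.

    Triage heuristic: a legitimate title containing a quote is flagged too.
    """
    parts = urlsplit(url)
    path, query = parts.path, parts.query
    # The URL form quoted on this page puts the CGI path and query after '#'.
    if parts.fragment and "status.cgi" in parts.fragment:
        inner = urlsplit("/" + parts.fragment)
        path, query = inner.path, inner.query
    if not path.endswith("/status.cgi"):
        return []
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in WATCHED and MARKUP.search(_decode(value)):
            hits.add(name)
    return sorted(hits)

# Constructed sample URLs (not taken from real logs).
SAMPLES = [
    "/thruk/cgi-bin/status.cgi?style=combined&title=Datacenter+overview",
    "/thruk/cgi-bin/status.cgi?style=combined&title=%3Cb%3Ex%3C%2Fb%3E",
    "/thruk/#cgi-bin/status.cgi?style=combined&title=%253Ci%253Ey",
    "/thruk/cgi-bin/status.cgi?host=web01&style=combined",
    "/thruk/cgi-bin/extinfo.cgi?host=%3Cb%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(flagged_params(url) or "ok", url)
```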
Thanks to the pro features of the s4e.io platform, users can get quick and easy access to the latest information on vulnerabilities that threaten their digital assets. With accurate and detailed vulnerability assessments, as well as actionable remediation advice, s4e.io offers the most comprehensive security solution for organizations of all sizes. Don't wait for a vulnerability to compromise your system; take advantage of s4e.io today to secure your digital assets.