S4E

CVE-2021-35488 Scanner

Detects the Cross-Site Scripting (XSS) vulnerability in Thruk that affects v. 2.40-2.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

Thruk is an open-source monitoring platform used to monitor multiple servers and network services from one place. It provides an intuitive, modern web interface for centralized monitoring, so that system administrators and IT professionals can detect, diagnose, and fix errors or issues promptly.

CVE-2021-35488 is a reflected cross-site scripting (XSS) vulnerability identified in Thruk version 2.40-2. It is triggered through the host or title parameter of the /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE} URL: the parameter value is reflected into the status.cgi page without adequate output encoding, so an attacker can inject JavaScript that runs in the browser of any user who opens a crafted link.

When exploited, the CVE-2021-35488 vulnerability permits attackers to execute arbitrary JavaScript code in the context of an authenticated user's browser. This can enable them to perform unauthorized actions on the system, compromise sensitive data, or even launch more advanced attacks like session hijacking or cookie theft. The potential risks of such attacks can be severe, and their impact on the affected user and the organization can be wide-ranging.
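For defenders, the same parameters the scanner probes can be watched in web server access logs. The following is an added example (not S4E or Thruk code): it parses constructed Apache-style log lines and flags requests to status.cgi whose title or host parameter carries HTML or script markup. It assumes the backend path is /thruk/cgi-bin/status.cgi (the "#" in the URL above is a browser-side fragment and is not sent to the server).

```python
"""Flag status.cgi requests whose 'title' or 'host' parameter carries markup,
the reflected-XSS vector described for CVE-2021-35488. Added example for
defenders; the log lines below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access log lines (combined-log style). Lines 2 and 3 carry
# markup in the watched parameters; lines 1 and 4 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2021:10:00:01 +0000] "GET /thruk/cgi-bin/status.cgi?style=combined&title=Core+Hosts HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jul/2021:10:00:02 +0000] "GET /thruk/cgi-bin/status.cgi?style=combined&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200
10.0.0.9 - - [01/Jul/2021:10:00:03 +0000] "GET /thruk/cgi-bin/status.cgi?host=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200
10.0.0.7 - - [01/Jul/2021:10:00:04 +0000] "GET /thruk/cgi-bin/tac.cgi HTTP/1.1" 200 800
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers that should never appear in a plain host name or page title.
MARKUP_RE = re.compile(r"<|>|javascript:|\bon\w+\s*=", re.IGNORECASE)
WATCHED_PARAMS = ("title", "host")  # parameters named in the advisory text
STATUS_CGI_PATH = "/status.cgi"     # assumed backend path suffix


def suspicious_params(target):
    """Return {param: decoded value} for watched status.cgi params containing markup."""
    parts = urlsplit(target)
    if not parts.path.endswith(STATUS_CGI_PATH):
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs already decoded once; a second pass catches double-encoding.
            decoded = unquote(value)
            if MARKUP_RE.search(decoded):
                hits[name] = decoded
    return hits


def scan_log(text):
    """Return (client_ip, param, decoded_value) for every request that looks like a probe."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not well-formed requests
        for param, value in suspicious_params(match.group("target")).items():
            findings.append((match.group("ip"), param, value))
    return findings


if __name__ == "__main__":
    for ip, param, value in scan_log(SAMPLE_LOG):
        print(f"{ip} sent markup in '{param}': {value!r}")
```

Matches should be treated as probes to investigate, not proof of compromise; a benign title that legitimately contains angle brackets will also be flagged.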

Thanks to the pro features of the s4e.io platform, users can get quick and easy access to the latest information on vulnerabilities that threaten their digital assets. With accurate and detailed vulnerability assessments, as well as actionable remediation advice, s4e.io offers the most comprehensive security solution for organizations of all sizes. Don't wait for a vulnerability to compromise your system, take advantage of s4e.io today to secure your digital assets.
