Vulnerabilities > Thruk > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-35490 Cross-site Scripting vulnerability in Thruk
Thruk before 2.44 allows XSS for a quick command.
network
low complexity
thruk CWE-79
5.4
5.4
2021-11-09 CVE-2021-35488 Cross-site Scripting vulnerability in Thruk 2.402
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter.
network
low complexity
thruk CWE-79
6.1
6.1
2021-11-09 CVE-2021-35489 Cross-site Scripting vulnerability in Thruk 2.402
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter.
network
low complexity
thruk CWE-79
6.1
6.1