Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Thruk 跨站脚本漏洞
Vulnerability Description
Thruk是德国Sven Nierlein个人开发者的一个开源的多后端监控网络界面。 Thruk 存在跨站脚本漏洞,该漏洞源于通过主机或服务参数进行反射型 XSS。 攻击者可以将任意 JavaScript 注入 extinfo.cgi。 每次经过身份验证的用户浏览包含它的页面时,都会触发恶意负载。
CVSS Information
N/A
Vulnerability Type
N/A