CVE-2021-35488 Scanner

Thruk is an open-source monitoring platform utilized for monitoring multiple servers and network services. It is designed to provide an intuitive and modern web interface for centralized monitoring. Thruk facilitates effortless monitoring of critical systems and services, enabling system administrators and IT professionals to detect, diagnose, and rectify errors or issues promptly.

The CVE-2021-35488 vulnerability is a reflected cross-site scripting (XSS) vulnerability identified in Thruk version 2.40-2. The vulnerability is triggered through the host or title parameter of the /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE} URL. An attacker can leverage this vulnerability to inject malicious JavaScript code into the status.cgi page, compromising the security of the system.

When exploited, the CVE-2021-35488 vulnerability permits attackers to execute arbitrary JavaScript code in the context of an authenticated user's browser. This can enable them to perform unauthorized actions on the system, compromise sensitive data, or even launch more advanced attacks like session hijacking or cookie theft. The potential risks of such attacks can be severe, and their impact on the affected user and the organization can be wide-ranging.

Thanks to the pro features of the securityforeveryone.com platform, users can get quick and easy access to the latest information on vulnerabilities that threaten their digital assets. With accurate and detailed vulnerability assessments, as well as actionable remediation advice, securityforeveryone.com offers the most comprehensive security solution for organizations of all sizes. Don't wait for a vulnerability to compromise your system, take advantage of securityforeveryone.com today to secure your digital assets.

REFERENCES

• https://www.gruppotim.it/redteam
• https://www.thruk.org/changelog.html