Thruk Monitoring Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Thruk Monitoring versions prior to 2.46.3. The issue arises in the login form, where the 'login' field is susceptible to XSS payloads. Unauthenticated remote attackers can exploit this vulnerability to inject malicious scripts that are executed in the context of the user interface.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the login endpoint with an XSS payload in the 'login' parameter. The application responds with an error message that includes the payload without HTML encoding, so the browser rendering that error page executes it as script.
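As an added illustration (not Thruk's own code; the error-message template and the probe string are constructed), the rendering pattern behind this bug beside its encoded form, plus a check a defender can run over a captured response body to confirm whether the 'login' value still comes back unencoded after patching:

```python
import html

# Constructed template standing in for the login error page; Thruk's real
# wording is not given on the advisory page.
ERROR_TEMPLATE = "<p class='error'>Login failed for user: {login}</p>"

# Inert probe: contains the characters output encoding must neutralise
# ('<', '>', '"') but no script, so it is safe to submit to a live instance.
PROBE = '<"xssprobe">'


def render_error_vulnerable(login: str) -> str:
    """Vulnerable pattern: the untrusted 'login' value is interpolated into
    HTML as-is, so markup in it becomes part of the page."""
    return ERROR_TEMPLATE.format(login=login)


def render_error_fixed(login: str) -> str:
    """Fixed pattern: HTML-encode the value (quotes included, so it is also
    safe inside an attribute) before it reaches the response."""
    return ERROR_TEMPLATE.format(login=html.escape(login, quote=True))


def reflects_unencoded(response_body: str, probe: str = PROBE) -> bool:
    """True if the probe is reflected with its metacharacters intact.

    A correctly encoded response contains only the escaped form
    (&lt;&quot;xssprobe&quot;&gt;), so the raw probe is absent.
    """
    return probe in response_body


def reflects_encoded(response_body: str, probe: str = PROBE) -> bool:
    """True if the probe is reflected only in its HTML-encoded form."""
    encoded = html.escape(probe, quote=True)
    return encoded in response_body and probe not in response_body


if __name__ == "__main__":
    vulnerable_body = render_error_vulnerable(PROBE)
    fixed_body = render_error_fixed(PROBE)
    print("vulnerable page reflects raw probe:", reflects_unencoded(vulnerable_body))
    print("fixed page reflects raw probe:     ", reflects_unencoded(fixed_body))
    print("fixed page reflects encoded probe: ", reflects_encoded(fixed_body))
```

Feeding the body of a real response to the login POST into `reflects_unencoded` gives a quick yes/no on whether an instance is still affected.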

Remediation

Users are advised to update to Thruk Monitoring version 2.46.3 or later, where this vulnerability has been fixed.

Added: May 8, 2026, 5:25 AM
Updated: May 8, 2026, 5:25 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.7
exploitability: 7.5
remediation: 7.7
relevance: 7.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.