PT-2026-38658 · Unknown · Thruk Monitoring

Published 2026-05-08 · Updated 2026-05-10 · CVE-2022-23961

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Thruk Monitoring versions prior to 2.46.4

Description: The login field of the login form is susceptible to reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation, allowing attackers to execute scripts in the victim's browser. Unauthenticated remote attackers can exploit this to target users of the monitoring interface.

Recommendations: Update to version 2.46.4 or later. As a temporary workaround, restrict access to the login form to trusted networks to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-23961

Affected Products: Thruk Monitoring