CVE-2022-23961

In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 26, 2022
Published Date: May 08, 2026
Last Updated: May 08, 2026
Vendor: n/a
Product: n/a
Description: In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface.

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SSVC Information

Exploitation: poc
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-07-30 00:00:00 UTC) Source

References

https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2021-0034/

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-30 00:00:00 UTC

Timeline

CVE ID Reserved

January 26, 2022
Added to KEVIntel

July 30, 2025
CVE Published to Public

May 08, 2026