Ghostwire

CVE-2022-23961: In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability...

MEDIUM CVSS 5.5

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2022-23961
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-23961
herolab.usd.de/security-advisories/
herolab.usd.de/security-advisories/usd-2021-0034/
nvd.nist.gov/vuln/detail/CVE-2022-23961