Thruk 2.40-2 allows stored XSS.
EPSS
5.4 Medium
CVSS3
CVE-2021-35490
Thruk before 2.44 allows XSS for a quick command.
