Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.
f89dda035b10b7cb0cea37643164ca192f767b587a8cd37c87951f667973bff8
Ubuntu Security Notice 1151-1 - Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
dbddcfca89b20def2a2289fede61c28c8b2da56d5deb5a9dbc9249b874d0c56f