Good morning,
As reported at <https://bugs.gentoo.org/show_bug.cgi?id=516078> and <http://docs.pnp4nagios.org/pnp-0.6/dwnld>, PNP4Nagios pnp-0.6.22 fixes a cross-site scripting issue.
This may be the fix:
http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
share/pnp/application/views/kohana_error_page.php Diff Switch to side-by-side view
--- a/share/pnp/application/views/kohana_error_page.php
+++ b/share/pnp/application/views/kohana_error_page.php
@@ -28,7 +28,7 @@
<div style="padding: 0pt 0.7em;" class="ui-state-error ui-corner-all">
<h3>Please check the documentation for information about the following error.</h3>
-<p><?php echo $message ?></p>
+<p><?php echo html::specialchars($message) ?></p>
<?php if ( ! empty($line) AND ! empty($file)): ?>
<h3>file [line]:</h3>
<p><?php echo Kohana::lang('core.error_file_line', $file, $line) ?></p>
Can a CVE please be assigned?
Thanks,
--
Murray McAllister