In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.3.29-1", "binary_name": "xymon" }, { "binary_version": "4.3.29-1", "binary_name": "xymon-client" }, { "binary_version": "4.3.29-1", "binary_name": "xymon-client-dbgsym" }, { "binary_version": "4.3.29-1", "binary_name": "xymon-dbgsym" } ] }