In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
{ "binaries": [ { "binary_version": "4.3.25-1", "binary_name": "xymon" }, { "binary_version": "4.3.25-1", "binary_name": "xymon-client" } ] }
{ "binaries": [ { "binary_version": "4.3.28-3build1", "binary_name": "xymon" }, { "binary_version": "4.3.28-3build1", "binary_name": "xymon-client" } ] }
{ "binaries": [ { "binary_version": "4.3.29-1", "binary_name": "xymon" }, { "binary_version": "4.3.29-1", "binary_name": "xymon-client" } ], "availability": "No subscription required" }