Mikael Falkvidd

**Name of the Vulnerable Software and Affected Versions** PNP4Nagios versions prior to 0.6.23 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific URI paths, including "share/pnp/application/views/kohana error page.php" and "share/pnp/application/views/template.php". This leads to improper handling within an http-equiv="refresh" META element, potentially resulting in cross-site scripting (XSS) attacks. **Recommendations** For PNP4Nagios versions prior to 0.6.23, update to version 0.6.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected URI paths, such as "share/pnp/application/views/kohana error page.php" and "share/pnp/application/views/template.php", to minimize the risk of exploitation.