CVE-2014-4908

Name of the Vulnerable Software and Affected Versions PNP4Nagios versions prior to 0.6.23

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific URI paths, including "share/pnp/application/views/kohana error page.php" and "share/pnp/application/views/template.php". This leads to improper handling within an http-equiv="refresh" META element, potentially resulting in cross-site scripting (XSS) attacks.

Recommendations For PNP4Nagios versions prior to 0.6.23, update to version 0.6.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected URI paths, such as "share/pnp/application/views/kohana error page.php" and "share/pnp/application/views/template.php", to minimize the risk of exploitation.