CVE-2017-20209
Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting XSS via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...