A vulnerability has been found and corrected in nagios: Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter . The updated packages have been patched to correct this issue.