CVE-2021-4285: 
Nagios Cross-Platform Agent (NCPA) vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Nagios NCPA (Network Core Protocol Agent) affecting versions prior to 2.4.0. The vulnerability exists in the file agent/listener/templates/tail.html and was assigned CVE-2021-4285. The issue was disclosed on December 27, 2022 (VulDB).

The vulnerability stems from improper neutralization of user-controllable input in the tail.html template file. Specifically, the issue occurs when the 'name' argument is not properly sanitized before being placed in output that is served to other users. The vulnerability is classified as CWE-79 (Cross-site Scripting) and requires user interaction for successful exploitation (VulDB, GitHub Commit).

The vulnerability affects the integrity of the system and could allow attackers to execute malicious scripts in the context of other users' browsers. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user (VulDB).

The vulnerability was fixed in Nagios NCPA version 2.4.0. The fix involved changing the HTML method from .html() to .text() to properly escape user input. Users are recommended to upgrade to version 2.4.0 or later to address this security issue (GitHub Commit).