In Xymon up to and including 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
Vendor and product entries listed for this record:
- xymon: xymon
- debian: debian linux 8.0