diff -Naur -x '*.orig' nagios-4.3.1/cgi/summary.c nagios-4.3.1-CVE-2018-18245/cgi/summary.c --- nagios-4.3.1/cgi/summary.c 2017-02-23 21:00:40.000000000 +0100 +++ nagios-4.3.1-CVE-2018-18245/cgi/summary.c 2019-02-20 22:47:57.735223585 +0100 @@ -1785,7 +1785,7 @@ printf("<td CLASS='data%s'>%s</td>", bgclass, (temp_event->state_type == AE_SOFT_STATE) ? "SOFT" : "HARD"); - printf("<td CLASS='data%s'>%s</td>", bgclass, temp_event->event_info); + printf("<td CLASS='data%s'>%s</td>", bgclass, html_encode(temp_event->event_info, 1)); printf("</tr>\n"); }