A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. Reference: https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Created nagios tracking bugs for this issue: Affects: epel-all [bug 1728576] Affects: fedora-all [bug 1728575]
This was for Nagios XI not nagios core. Nagios XI is not distributed via epel, fedora or anything you have created all these bug for.
Latest upstream release shipped for Nagios core is 4.4.3(and the flaw says fixed in 5.5.4 i.e for Nagios XI), XI[1] is a commercial thing with is not included in any Red Hat offerings. Closing out fedora and epel trackers as NOTABUG. [1] https://www.nagios.com/products/nagios-xi/
Statement: This issue did not affect Red Hat Gluster Storage 3 as it does not ship Nagios XI.