A new Nagios version was released recently with the following entry in the changelog:
Fix for a potential cross site scripting vulnerability in the CGIs
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5624 to
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors to unspecified CGI scripts.
Mike: Please make the updates. Is there anything that prevents you from doing so?
Do you need any help?
This issue was addressed in:
Created attachment 305352
This fix is present in upstream version 2.10.
(Extracted from SuSE nagios-2.9-48.4.src.rpm)