Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. https://nvd.nist.gov/vuln/detail/CVE-2018-18245