All versions prior to 4.3.1 (released April 3, 2011) are vulnerable.
I would like to thank David Ferrest for notifying me of this issue. Henrik Størner, lead Xymon developer.
Several cross-site scripting vulnerabilities have been identified in the
Xymon systems- and network-monitoring tool available at
http://sourceforge.net/projects/xymon/
- Xymon monitor cross-site scripting vulnerabilities Henrik Størner
