Author: Russell Stuart <russell-debian@stuart.id.au>
Description: CVE-2018-18245
  Fixes #902138

--- a/cgi/summary.c
+++ b/cgi/summary.c
@@ -1785,7 +1785,7 @@
 
 		printf("<td CLASS='data%s'>%s</td>", bgclass, (temp_event->state_type == AE_SOFT_STATE) ? "SOFT" : "HARD");
 
-		printf("<td CLASS='data%s'>%s</td>", bgclass, temp_event->event_info);
+		printf("<td CLASS='data%s'>%s</td>", bgclass, html_encode(temp_event->event_info, 1));
 
 		printf("</tr>\n");
 		}
