Massive Horse

#51987 of 53,635
4.3 CVSS total
Vulnerabilities · 1
PT-2014-2071
4.3
2014-08-21
Binarycanary · Timthumb · CVE-2009-5142
**Name of the Vulnerable Software and Affected Versions**
TimThumb versions 1.09 and earlier

**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `src` parameter in the `timthumb.php` file. This can be exploited by attackers to execute malicious scripts on the victim's browser.

**Recommendations**
For TimThumb versions 1.09 and earlier, avoid using the `src` parameter in the `timthumb.php` file until a patch is available. As a temporary workaround, consider restricting access to the `timthumb.php` file to minimize the risk of exploitation.