PT-2005-4748 · Php · Php Web Statistik

Ascii +1 · Published 2005-12-05 · Updated 2017-07-20 · CVE-2005-4012

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP Web Statistik version 1.4

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the lastnumber parameter to "stat.php" and the HTTP referer to "pixel.php".

Recommendations

For PHP Web Statistik version 1.4, consider restricting access to the "stat.php" and "pixel.php" files until a patch is available. As a temporary workaround, avoid using the lastnumber parameter in the "stat.php" file. Additionally, restrict the HTTP referer to "pixel.php" to minimize the risk of exploitation.

Related identifiers

CVE-2005-4012

Affected products

Php Web Statistik