PT-2009-5469 · X10 · X10 Mp3 Search Engine

Kingcope · Published 2009-09-10 · Updated 2017-08-17 · CVE-2009-3153

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: x10 MP3 Search engine version 1.6.5
Description: The product contains multiple cross-site scripting (XSS) vulnerabilities. They allow remote attackers to inject arbitrary web script or HTML via several parameters: the pic_id parameter to "includes/video_ad.php", the category parameter to "linkvideos_listing.php", the id parameter to "templates/header1.php" and "mp3/lyrics.php", the key parameter to "video_listing.php" and "adult/video_listing.php", and the name parameter to "mp3/embed.php" and "mp3/info.php".
Recommendations: For x10 MP3 Search engine version 1.6.5, consider disabling the affected parameters (pic_id, category, id, key, and name) in their respective scripts until a patch is available. To minimize the risk of exploitation, restrict access to the vulnerable scripts: "includes/video_ad.php", "linkvideos_listing.php", "templates/header1.php", "mp3/lyrics.php", "video_listing.php", "adult/video_listing.php", "mp3/embed.php", and "mp3/info.php".
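
While the scripts remain deployed, web server access logs can be checked for requests that put markup characters into the affected parameters. The following is an added example, not part of the original advisory or the product's code: it assumes combined-format access logs, takes the script and parameter names from the description written with underscores (pic_id, video_ad.php and so on), and uses constructed log lines as sample input.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script -> parameter pairs from the description above.
AFFECTED = {
    "/includes/video_ad.php": "pic_id",
    "/linkvideos_listing.php": "category",
    "/templates/header1.php": "id",
    "/mp3/lyrics.php": "id",
    "/video_listing.php": "key",
    "/adult/video_listing.php": "key",
    "/mp3/embed.php": "name",
    "/mp3/info.php": "name",
}
# Characters that let a reflected value leave HTML text or an attribute.
# Apostrophes also occur in ordinary titles, so hits on ' need manual triage.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return [(script, param, decoded_value)] for affected parameters carrying markup."""
    parts = urlsplit(request_target)
    # Suffix match so installs under a subdirectory (e.g. /x10/...) are covered.
    script = max((s for s in AFFECTED if parts.path.endswith(s)), key=len, default=None)
    param = AFFECTED.get(script)  # None when the request is for another script
    hits = []
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        decoded = unquote_plus(value)  # second decode catches double-encoded input
        if MARKUP.search(decoded):
            hits.append((script, param, decoded))
    return hits

def scan(lines):
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            findings += [(n, *hit) for hit in suspicious_params(m.group(1))]
    return findings

SAMPLE_LOG = [  # constructed log lines
    '192.0.2.10 - - [10/Sep/2009:10:00:00 +0000] "GET /mp3/info.php?name=Some+Song HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Sep/2009:10:00:05 +0000] "GET /x10/mp3/info.php?name=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [10/Sep/2009:10:00:09 +0000] "GET /video_listing.php?key=%253Ci%253Ey HTTP/1.1" 200 498',
    '192.0.2.13 - - [10/Sep/2009:10:00:12 +0000] "GET /search.php?q=%3Cb%3E HTTP/1.1" 200 100',
]
if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Only query-string parameters appear in access logs, so values sent in a POST body need request-body logging or a filtering proxy to be seen.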

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2009-3153

Affected Products

X10 Mp3 Search Engine