Php-Stats · Php-Stats · CVE-2007-4334
**Name of the Vulnerable Software and Affected Versions**
Php-stats version 0.1.9.2
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `IP` parameter in the whois.php file.
**Recommendations**
For Php-stats version 0.1.9.2, avoid using the `IP` parameter in the whois.php file until a fix is available. As a temporary workaround, consider restricting access to the whois.php file to minimize the risk of exploitation.