CVE-2009-4729

Name of the Vulnerable Software and Affected Versions x10 Adult Media Script version 1.7

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several parameters, including the pic id parameter to "includes/video ad.php", the category parameter to "linkvideos listing.php", the id parameter to "templates/header1.php", and the key parameter to "video listing.php".

Recommendations For x10 Adult Media Script version 1.7, consider disabling the affected parameters, such as pic id, category, id, and key, in their respective scripts until a patch is available. Restrict access to the vulnerable scripts, including "includes/video ad.php", "linkvideos listing.php", "templates/header1.php", and "video listing.php", to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved.