Hi there ZegaZegaZig,
I’m the author of the disclosure post.
What I did in the code was wrap the referer and user agent with the htmlentities() PHP function. It’s very simple.
This function just transforms the HTML characters into their code so they can be ignored as JavaScript or HTML code when outputted to the page.
Anyone here in the forum with some PHP knowledge will confirm this. So you can trust my patch. With it you will be protected from the XSS vulnerability. But keep an eye on the author’s page so you can update it as soon as the official patch comes up.
I won’t be giving details about the ways of exploitation to avoid script kiddies messing around.
If you have any questions, feel free to ask.
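
The kind of change described in the post above, shown as an added example that is not part of the original post or the plugin's own code: the referer and user agent pass through htmlentities() before they are written into the page. The function names, the table-row output and the sample header values are assumptions made for illustration.

```php
<?php
// Added illustration; helper names are hypothetical, not taken from the plugin.

/** Encode an untrusted request header for output in HTML text or a quoted attribute. */
function esc_header(?string $value): string
{
    // ENT_QUOTES encodes both ' and " so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    // An explicit charset keeps the result independent of php.ini defaults.
    return htmlentities($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Before the fix: header values are concatenated into the page unchanged. */
function render_row_unpatched(array $server): string
{
    return '<tr><td>' . ($server['HTTP_REFERER'] ?? '') . '</td><td>'
         . ($server['HTTP_USER_AGENT'] ?? '') . '</td></tr>';
}

/** After the fix: both values are encoded at the point of output. */
function render_row_patched(array $server): string
{
    return '<tr><td>' . esc_header($server['HTTP_REFERER'] ?? null) . '</td><td>'
         . esc_header($server['HTTP_USER_AGENT'] ?? null) . '</td></tr>';
}

// Constructed sample headers containing HTML metacharacters (not real traffic).
$sample = [
    'HTTP_REFERER'    => 'http://example.test/?q=<em>constructed</em>',
    'HTTP_USER_AGENT' => 'Agent/1.0 "quoted" <b>markup</b>',
];

// Unpatched: the <em> and <b> tags reach the browser as markup.
echo render_row_unpatched($sample), PHP_EOL;

// Patched: the same characters arrive as &lt; &gt; &quot; and display as text.
echo render_row_patched($sample), PHP_EOL;

// A request that sends neither header yields empty cells, not a warning.
echo render_row_patched([]), PHP_EOL;
```

Encoding at the point of output, rather than when the header is first read, keeps any stored copy of the value unchanged for logging or later comparison.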