Online media channels heavily rely on ad placements as a revenue stream, but the use of iframe busters for ad delivery introduces vulnerabilities, notably cross-site scripting (XSS), affecting about 2% of websites, including many in the media sector. Iframes are used to embed ads, but come with restrictions that iframe busters bypass, often without sufficient security measures, allowing potential exploitation by malicious actors. Despite past efforts by companies like Google to remove vulnerable files, many websites remain at risk, as highlighted by a recent report from Randy Westergren, which prompted further scrutiny by security researchers. The presence of XSS vulnerabilities poses significant risks, allowing attackers to execute JavaScript under a website's domain, leading to potential data theft and content manipulation, although it requires user interaction with a crafted link. This issue affects websites regardless of whether they handle sensitive data, as it can undermine user trust and site reputation, particularly for media companies with user data due to subscriptions and paywalls. Websites are encouraged to audit and secure their iframe busters, with tools like Detectify offering tests for such vulnerabilities, ensuring the continued safety and sustainability of ad revenue streams.