2.1.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

php-arena

nessus

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.

Vulnerable Configurations

Part	Description	Count
Application	Php_Arena PHP Arena Pafiledb 1.1.3 PHP Arena Pafiledb 2.1.1	2

Nessus

NASL family	CGI abuses : XSS
NASL id	PAFILEDB_XSS.NASL
description	The version of paFileDB installed on the remote host is vulnerable to cross-site scripting attacks due to its failure to sanitize input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	11479
published	2003-03-26
reporter	This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11479
title	paFileDB pafiledb.php id Parameter XSS

Summary

Vulnerable Configurations

Nessus

References