Vulnerabilities > PHP Arena > Pafiledb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-27 | CVE-2004-1975 | Cross-Site Scripting vulnerability in PAFileDB ID Variable Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551. network php-arena | 4.3 |
| 2004-04-27 | CVE-2004-1974 | Information Disclosure vulnerability in PHP Arena Pafiledb 3.1 paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. | 5.0 |
| 2002-12-31 | CVE-2002-1931 | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 1.1.3/2.1.1 Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. network php-arena | 4.3 |
| 2002-12-31 | CVE-2002-1929 | Cross-Site Scripting vulnerability in PHP Arena Pafiledb 1.1.3/2.1.1/3.0 Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. network php-arena | 4.3 |