| VID |
21514 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The paFileDB program is vulnerable to a cross-site scripting vulnerability in the pafiledb.php script. paFileDB is a Web-based file download management program developed by PHP Arena that uses a MySQL database. paFileDB versions prior to 3.0 are vulnerable to a cross-site scripting vulnerability in the pafiledb.php script. This vulnerability could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
* References:
http://www.securityfocus.com/archive/1/296387
* Platforms Affected:
PHP Arena, paFileDB versions prior to 3.0
Linux Any version
Microsoft Windows Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of paFileDB (3.0 or later), available from the PHP Arena Web site at http://www.phparena.net/ |
| Related URL |
CVE-2002-1931 (CVE) |
| Related URL |
6021 (SecurityFocus) |
| Related URL |
10451 (ISS) |
|
