paFileDB pafiledb.php id Parameter XSS

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP script that is affected by cross-
site scripting issues.

Description :

The version of paFileDB installed on the remote host is vulnerable to
cross-site scripting attacks due to its failure to sanitize input to
the 'id' parameter of the 'pafiledb.php' script before using it to
generate dynamic HTML. An attacker may use these flaws to steal
cookies of users of the affected application.

See also :

Solution :

Upgrade to paFileDB 3.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 11479

Bugtraq ID: 6021

CVE ID: CVE-2002-1931
