paFileDB pafiledb.php id Parameter XSS

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP script that is affected by cross-
site scripting issues.

Description :

The version of paFileDB installed on the remote host is vulnerable to
cross-site scripting attacks due to its failure to sanitize input to
the 'id' parameter of the 'pafiledb.php' script before using it to
generate dynamic HTML. An attacker may use these flaws to steal
cookies of users of the affected application.

See also :

http://archives.neohapsis.com/archives/bugtraq/2002-10/0305.html

Solution :

Upgrade to paFileDB 3.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 11479 ()

Bugtraq ID: 6021

CVE ID: CVE-2002-1931
CVE-2005-0952