paFileDB pafiledb.php id Parameter XSS

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP script that is affected by cross-
site scripting issues.

Description :

The version of paFileDB installed on the remote host is vulnerable to
cross-site scripting attacks due to its failure to sanitize input to
the 'id' parameter of the 'pafiledb.php' script before using it to
generate dynamic HTML. An attacker may use these flaws to steal
cookies of users of the affected application.

Solution :

Upgrade to paFileDB 3.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 11479

Bugtraq ID: 6021

CVE ID: CVE-2002-1931
