PHP Arena PAFileDB Search Cross-Site Scripting Vulnerability

PHP Arena paFileDB is prone to cross-site scripting attacks.

An attacker may construct a malicious link to the vulnerable script which contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will execute in their web client in the security context of the paFileDB site.

This issue is reported to be exploitable by providing HTML and script code as a search string.


 

Privacy Statement
Copyright 2010, SecurityFocus