CVE-2005-1999: XSS
First published: Wed Jun 15 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php Arena Pabugs | =3.1 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1999?
CVE-2005-1999 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-1999?
To fix CVE-2005-1999, you should sanitize and validate user inputs for the affected parameters in pafiledb.php.
Which versions of paFileDB are affected by CVE-2005-1999?
CVE-2005-1999 affects paFileDB version 3.1.
What types of attacks can be performed exploiting CVE-2005-1999?
Exploiting CVE-2005-1999 may allow attackers to execute arbitrary web scripts or HTML in the context of a user's browser.
Is CVE-2005-1999 a newly discovered vulnerability?
CVE-2005-1999 was disclosed in 2005, making it an older vulnerability that still impacts systems using vulnerable versions of paFileDB.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/php arena
- canonical/php arena pabugs
- version/php arena pabugs/3.1