{"api_version":"1","generated_at":"2026-05-10T11:00:51+00:00","cve":"CVE-2005-1999","urls":{"html":"https://cve.report/CVE-2005-1999","api":"https://cve.report/api/cve/CVE-2005-1999.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-1999","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-1999"},"summary":{"title":"CVE-2005-1999","description":"Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).","state":"PUBLISHED","assigner":"mitre","published_at":"2005-06-15 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.gulftech.org/?node=research&article_id=00082-06142005","name":"http://www.gulftech.org/?node=research&article_id=00082-06142005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Contact Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=111885787217807&w=2","name":"http://marc.info/?l=bugtraq&m=111885787217807&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Multiple paFileDB Vulnerabilities' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.phparena.net/","name":"http://www.phparena.net/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"PHP Arena","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.phparena.net/pafiledb_patch/","name":"http://www.phparena.net/pafiledb_patch/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"PHP Arena","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-1999","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-1999","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"1999","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php_arena","cpe5":"pafiledb","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T22:06:57.849Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.phparena.net/"},{"name":"20050615 Multiple paFileDB Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=111885787217807&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.phparena.net/pafiledb_patch/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.gulftech.org/?node=research&article_id=00082-06142005"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-06-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php)."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-10-17T13:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.phparena.net/"},{"name":"20050615 Multiple paFileDB Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=111885787217807&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.phparena.net/pafiledb_patch/"},{"tags":["x_refsource_MISC"],"url":"http://www.gulftech.org/?node=research&article_id=00082-06142005"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-1999","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.phparena.net/","refsource":"CONFIRM","url":"http://www.phparena.net/"},{"name":"20050615 Multiple paFileDB Vulnerabilities","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=111885787217807&w=2"},{"name":"http://www.phparena.net/pafiledb_patch/","refsource":"CONFIRM","url":"http://www.phparena.net/pafiledb_patch/"},{"name":"http://www.gulftech.org/?node=research&article_id=00082-06142005","refsource":"MISC","url":"http://www.gulftech.org/?node=research&article_id=00082-06142005"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-1999","datePublished":"2005-06-20T04:00:00.000Z","dateReserved":"2005-06-20T00:00:00.000Z","dateUpdated":"2024-08-07T22:06:57.849Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-06-15 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php_arena:pafiledb:3.1:*:*:*:*:*:*:*","matchCriteriaId":"E6EB588E-FC2B-4E10-86F5-33C2758BEED5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"1999","Ordinal":"1","Title":"CVE-2005-1999","CVE":"CVE-2005-1999","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"1999","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).","Type":"Description","Title":"CVE-2005-1999"},{"CveYear":"2005","CveId":"1999","Ordinal":"2","NoteData":"2005-06-20","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"1999","Ordinal":"3","NoteData":"2016-10-17","Type":"Other","Title":"Modified"}]}}}