Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string.
http://www.securityfocus.com/bid/6021
http://www.phparena.net/downloads/pafiledb.php?action=license&id=1&file=16